
Call for Consensus: Stop work and transition 3 Working Drafts to Working Group Notes

From: Brad Hill <hillbrad@gmail.com>
Date: Tue, 12 Jul 2016 21:33:27 +0000
Message-ID: <CAEeYn8ho7i7pNBR0VLLs+sjpiWkVxfe6mpwKTRebuhiPwN+YzQ@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>, David Ross <drx@google.com>

This is a call for consensus to transition three Working Drafts of the Web
Application Security WG to "Working Group Note" status and indicate that
they are no longer under active development towards the Recommendation
Track, as discussed at the May F2F and briefly on the list.

The following specifications are proposed for transition:
---------------------------------------------------
Entry Point Regulation
https://www.w3.org/TR/epr/

Last updated ~1 year ago.
Reason to transition to Note: Same-site cookies (
https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00) provide
much of the intended attack surface reduction more simply.
---------------------------------------------------


---------------------------------------------------
CSP Cookie Controls
https://www.w3.org/TR/csp-cookies/

Last updated ~6 months ago.
Reason to transition to Note: The Feature Policy proposal (
https://wicg.github.io/feature-policy/) could be a better home for the
intended functionality as part of a broader and more coherent approach,
rather than putting this into CSP.
---------------------------------------------------

---------------------------------------------------
CSP Pinning
https://www.w3.org/TR/csp-pinning/

Last updated ~6 months ago.
Reason to transition to Note: While this kind of feature is still
considered useful, like Cookie Controls and Feature Policy, the editor
feels it would be better managed as part of a more generalized strategy for
header pinning, and as part of that, with a strategy perhaps along the
lines of a manifest, well-known resource or service worker that doesn't
incur the cost of sending the pinning header with every request.
---------------------------------------------------

This CfC will be discussed on tomorrow's regularly scheduled working group
teleconference (agenda to follow shortly on this list) and will close on
Friday, 22-July-2016.

Positive responses encouraged, silence is consent.

Thank you,

Brad Hill
Received on Tuesday, 12 July 2016 21:34:08 UTC
