- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Mon, 18 Jul 2016 13:04:43 -0700
- To: Brad Hill <hillbrad@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CADYDTCAyHrbKg7H=f2po6sYKuwrAggRMwtxL0Bvkdj_4YaoZng@mail.gmail.com>
[removing chair hat]

I've spoken with the Mozilla WASWG members and we agree with transitioning these three documents.

-Dan Veditz

On Tue, Jul 12, 2016 at 2:33 PM, Brad Hill <hillbrad@gmail.com> wrote:

> This is a call for consensus to transition three Working Drafts of the Web
> Application Security WG to "Working Group Note" status and indicate that
> they are no longer under active development towards the Recommendation
> Track, as discussed at the May F2F and briefly on the list.
>
> The following specifications are proposed for transition:
> ---------------------------------------------------
> Entry Point Regulation
> https://www.w3.org/TR/epr/
>
> Last updated ~1 year ago.
> Reason to transition to Note: Same-site cookies (
> https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00)
> provide much of the intended attack surface reduction more simply
> ---------------------------------------------------
>
>
> ---------------------------------------------------
> CSP Cookie Controls
> https://www.w3.org/TR/csp-cookies/
>
> Last updated ~6 months ago.
> Reason to transition to Note: The Feature Policy proposal (
> https://wicg.github.io/feature-policy/) could be a better home for the
> intended functionality as part of a broader and more coherent approach,
> rather than putting this into CSP.
> ---------------------------------------------------
>
> ---------------------------------------------------
> CSP Pinning
> https://www.w3.org/TR/csp-pinning/
>
> Last updated ~6 months ago.
> Reason to transition to Note: While this kind of feature is still
> considered useful, like Cookie Controls and Feature Policy, the editor
> feels it would be better managed as part of a more generalized strategy for
> header pinning, and as part of that, with a strategy perhaps along the
> lines of a manifest, well-known resource or service worker that doesn't
> incur the cost of sending the pinning header with every request.
> ---------------------------------------------------
>
> This CfC will be discussed on tomorrow's regularly scheduled working group
> teleconference (agenda to follow shortly on this list) and will close on
> Friday, 22-July-2016.
>
> Positive responses encouraged, silence is consent.
>
> Thank you,
>
> Brad Hill

Received on Monday, 18 July 2016 20:05:15 UTC