- From: Oda, Terri <terri.oda@intel.com>
- Date: Mon, 18 Jul 2016 17:41:11 -0700
- To: Brad Hill <hillbrad@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CACoC0R8P5Rkcx9HyFhHr2-=vwJJZGxyue5AHfNPCbs4a6WkfVg@mail.gmail.com>
As I mentioned on the call, I'm sad to see some of these transition to Note status, but I think this accurately reflects the current status of these drafts and approve of the move.

On Tue, Jul 12, 2016 at 2:33 PM, Brad Hill <hillbrad@gmail.com> wrote:

> This is a call for consensus to transition three Working Drafts of the Web
> Application Security WG to "Working Group Note" status and indicate that
> they are no longer under active development towards the Recommendation
> Track, as discussed at the May F2F and briefly on the list.
>
> The following specifications are proposed for transition:
> ---------------------------------------------------
> Entry Point Regulation
> https://www.w3.org/TR/epr/
>
> Last updated ~1 year ago.
> Reason to transition to Note: Same-site cookies (
> https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00)
> provide much of the intended attack surface reduction more simply
> ---------------------------------------------------
>
>
> ---------------------------------------------------
> CSP Cookie Controls
> https://www.w3.org/TR/csp-cookies/
>
> Last updated ~6 months ago.
> Reason to transition to Note: The Feature Policy proposal (
> https://wicg.github.io/feature-policy/) could be a better home for the
> intended functionality as part of a broader and more coherent approach,
> rather than putting this into CSP.
> ---------------------------------------------------
>
> ---------------------------------------------------
> CSP Pinning
> https://www.w3.org/TR/csp-pinning/
>
> Last updated ~6 months ago.
> Reason to transition to Note: While this kind of feature is still
> considered useful, like Cookie Controls and Feature Policy, the editor
> feels it would be better managed as part of a more generalized strategy for
> header pinning, and as part of that, with a strategy perhaps along the
> lines of a manifest, well-known resource or service worker that doesn't
> incur the cost of sending the pinning header with every request.
> ---------------------------------------------------
>
> This CfC will be discussed on tomorrow's regularly scheduled working group
> teleconference (agenda to follow shortly on this list) and will close on
> Friday, 22-July-2016.
>
> Positive responses encouraged, silence is consent.
>
> Thank you,
>
> Brad Hill

Received on Tuesday, 19 July 2016 00:41:42 UTC