CfC: Republish "Mixed Content" as CR; deadline July 27th. from Mike West on 2016-07-20 (public-webappsec@w3.org from July 2016)

From: Mike West <mkwst@google.com>
Date: Wed, 20 Jul 2016 11:34:33 +0200
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>, Brad Hill <hillbrad@gmail.com>
Message-ID: <CAKXHy=eNDiZL5xMj4eW0nKqt-bXi50h2HjHgbVLsDAxVk4rNqQ@mail.gmail.com>

Hello, webappsec!

Based on the discussion in the public-webappsec thread starting at [1],
our face-to-face at [2], and our recent call at [3], I'd like to refresh
the Mixed Content CR with the following document that aligns mixed
content's checks with Secure Context's definition of
potentially trustworthy URLs:

https://w3c.github.io/webappsec-mixed-content/CR.html

Among other things, this means that `http://127.0.0.1/` will not
be considered mixed content when loaded in an otherwise secure page.

The deadline for this CfC is in one week, July 27th, with as short a CR
period as possible in the hopes of taking it to PR in the TPAC
timeframe. Feedback,
both positive and negative is welcome, either directly to the list, or via
some sort of clever emoji response to
*https://github.com/w3c/webappsec-mixed-content/issues/6
<https://github.com/w3c/webappsec-mixed-content/issues/6>*.

[1]: https://lists.w3.org/Archives/Public/public-webappsec/2016Apr/0044.html
[2]: https://www.w3.org/2016/05/16-webappsec-minutes.html#item05
[3]: https://www.w3.org/2016/07/13-webappsec-minutes.html#item05


-mike

Received on Wednesday, 20 July 2016 09:35:35 UTC