- From: Theresa O'Connor <hober@apple.com>
- Date: Fri, 12 Jun 2020 10:38:06 -0700
- To: public-webappsec@w3.org
- Cc: rmondello@apple.com
Hi all, Mike wrote: > This seems reasonable to me, and is consistent with our conversation > on the topic at TPAC last year > (https://github.com/w3c/webappsec/blob/master/meetings/2019/2019-09-TPAC-minutes.md#well-knownchange-password). > > I'd be comfortable adopting this specification, and publishing it as a > FPWD. Let's give the working group's members a week to object. If no > objections come in by May 12th, I think we could comfortably declare > consensus. It's been a month, and there haven't been objections. Before we move it over, though, I wanted to additionally propose that we also move over a companion document in the same repo, "Detecting the reliability of HTTP status codes": https://wicg.github.io/change-password-url/response-code-reliability.html In order to most effectively make use of Change Password URLs, implementers need to know if the web server is configured to correctly serve 404 responses for resources that aren't there. They can use the technique described in this document to do that. Safari and Chrome are both pursuing this approach; see Dominic Battre's comment here: https://github.com/WICG/change-password-url/issues/16#issuecomment-643314820 While distinct from each other, I think these two specs will sink or swim together, so I'd like to keep them together in the same CG or WG. Tess
Received on Friday, 12 June 2020 17:38:23 UTC