Re: CfC to adopt "Post-Spectre Web Development" as a Note-track document from Artur Janc on 2021-02-25 (public-webappsec@w3.org from February 2021)

From: Artur Janc <aaj@google.com>
Date: Thu, 25 Feb 2021 21:00:34 +0100
To: Daniel Veditz <dveditz@mozilla.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CAPYVjqr_FKBnUY-Y-erKBt4BKtOE6GySqaz8=4fyJz+JQtc6CQ@mail.gmail.com>

I am, predictably, strongly supportive of publishing this as a Note.
Deploying isolation mechanisms to protect applications from Spectre (and
other, more traditional information leaks) is an important part of the
security story for the ecosystem, and the document does a good job at
distilling the guidance into a set of clear instructions for developers.

Cheers,
-Artur

On Thu, Feb 25, 2021 at 8:45 PM Daniel Veditz <dveditz@mozilla.com> wrote:

> Call for Consensus
>
> Mike has written up a set of post-Spectre mitigation recommendations for
> web developers at https://mikewest.github.io/post-spectre-webdev/
>
> This is a Call for Consensus to adopt that work as a draft and finish it
> as a Note-track document in the Web Application Security Working Group. A
> Note is a non-normative document, and in this case is relevant to the work
> WASWG is doing because it offers recommendations and best practices for
> using the features we've specified in this group and related features in
> Fetch/HTML in various web application scenarios.
>
> Please reply to this thread, yay or nay, before Monday March 8, and we'll
> discuss it on our next call March 16.
>
> -Dan Veditz
>

Received on Thursday, 25 February 2021 20:01:01 UTC