
RE: [EXTERNAL] Re: CfC to adopt "Post-Spectre Web Development" as a Note-track document

From: Jun Kokatsu <Jun.Kokatsu@microsoft.com>
Date: Fri, 5 Mar 2021 20:33:07 +0000
To: "fbraun@mozilla.com" <fbraun@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <BYAPR00MB0551B3C06842AD5E122B79C9E2969@BYAPR00MB0551.namprd00.prod.outlook.com>

+1

I think it's important to communicate with users about WebAppSec's position on Post-Spectre web development.

I also hope that by publishing this note, we'll see more sites deploying CORP, COOP, or COEP headers, which will help us and websites deploy COI 😊



Thanks,



Jun





-----Original Message-----
From: Frederik Braun <fbraun@mozilla.com>
Sent: Wednesday, March 3, 2021 7:38 AM
To: public-webappsec@w3.org
Subject: [EXTERNAL] Re: CfC to adopt "Post-Spectre Web Development" as a Note-track document



+1 for adopting as a note-track document.



On 26.02.21 14:28, Ionuț Ambrosie wrote:

> Sounds good to me!

>

> On Fri, Feb 26, 2021 at 2:10 PM Giorgio Maone <giorgio@maone.net> wrote:

>

>     On 25/02/21 21:00, Artur Janc wrote:

>     > I am, predictably, strongly supportive of publishing this as a Note.

>     > Deploying isolation mechanisms to protect applications from Spectre

>     > (and other, more traditional information leaks) is an important part

>     > of the security story for the ecosystem, and the document does a good

>     > job at distilling the guidance into a set of clear instructions for

>     > developers.

>

>     +1

>

>     -- G

>

>     >

>     > Cheers,

>     > -Artur

>     >

>     > On Thu, Feb 25, 2021 at 8:45 PM Daniel Veditz <dveditz@mozilla.com> wrote:

>     >

>     >     Call for Consensus

>     >

>     >     Mike has written up a set of post-Spectre mitigation

>     >     recommendations for web developers at

>     >     https://mikewest.github.io/post-spectre-webdev/

>     >

>     >     This is a Call for Consensus to adopt that work as a draft and

>     >     finish it as a Note-track document in the Web Application Security

>     >     Working Group. A Note is a non-normative document, and in this

>     >     case is relevant to the work WASWG is doing because it offers

>     >     recommendations and best practices for using the features we've

>     >     specified in this group and related features in Fetch/HTML in

>     >     various web application scenarios.

>     >

>     >     Please reply to this thread, yay or nay, before Monday March 8,

>     >     and we'll discuss it on our next call March 16.

>     >

>     >     -Dan Veditz

>     >

>

>     --

>     Giorgio Maone

>

>     https://maone.net/



Received on Monday, 8 March 2021 08:37:57 UTC
