- From: Jun Kokatsu <Jun.Kokatsu@microsoft.com>
- Date: Fri, 5 Mar 2021 20:33:07 +0000
- To: "fbraun@mozilla.com" <fbraun@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <BYAPR00MB0551B3C06842AD5E122B79C9E2969@BYAPR00MB0551.namprd00.prod.outlook.com>
+1 I think it's important to communicate with users about WebAppSec position on Post-Spectre web development. I also hope that by publishing this note, we'll see more sites deploying CORP, COOP, or COEP headers, which will help us and websites deploy COI 😊 Thanks, Jun -----Original Message----- From: Frederik Braun <fbraun@mozilla.com> Sent: Wednesday, March 3, 2021 7:38 AM To: public-webappsec@w3.org Subject: [EXTERNAL] Re: CfC to adopt "Post-Spectre Web Development" as a Note-track document +1 for adopting as a note-track document. On 26.02.21 14:28, Ionuț Ambrosie wrote: > Sounds good to me! > > On Fri, Feb 26, 2021 at 2:10 PM Giorgio Maone <giorgio@maone.net > <mailto:giorgio@maone.net>> wrote: > > On 25/02/21 21:00, Artur Janc wrote: > > I am, predictably, strongly supportive of publishing this as a Note. > > Deploying isolation mechanisms to protect applications from Spectre > > (and other, more traditional information leaks) is an important part > > of the security story for the ecosystem, and the document does a good > > job at distilling the guidance into a set of clear instructions for > > developers. > > +1 > > -- G > > > > > Cheers, > > -Artur > > > > On Thu, Feb 25, 2021 at 8:45 PM Daniel Veditz <dveditz@mozilla.com > <mailto:dveditz@mozilla.com> > > <mailto:dveditz@mozilla.com <mailto:dveditz@mozilla.com<mailto:dveditz@mozilla.com%20%3cmailto:dveditz@mozilla.com>>>> wrote: > > > > Call for Consensus > > > > Mike has written up a set of post-Spectre mitigation > > recommendations for web developers at > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmikewest.github.io%2Fpost-spectre-webdev%2F&data=04%7C01%7CJun.Kokatsu%40microsoft.com%7C280bea4edb2647eb857508d8de5a9914%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637503828248139133%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=WuJvsaAkg%2BlI5Rgh7Ri9OQkYGc8MA7dNiFCc6cXbQHY%3D&reserved=0 > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmikewest.github.io%2Fpost-spectre-webdev%2F&data=04%7C01%7CJun.Kokatsu%40microsoft.com%7C280bea4edb2647eb857508d8de5a9914%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637503828248139133%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=WuJvsaAkg%2BlI5Rgh7Ri9OQkYGc8MA7dNiFCc6cXbQHY%3D&reserved=0> > > > > This is a Call for Consensus to adopt that work as a draft and > > finish it as a Note-track document in the Web Application Security > > Working Group. A Note is a non-normative document, and in this > > case is relevant to the work WASWG is doing because it offers > > recommendations and best practices for using the features we've > > specified in this group and related features in Fetch/HTML in > > various web application scenarios. > > > > Please reply to this thread, yay or nay, before Monday March 8, > > and we'll discuss it on our next call March 16. > > > > -Dan Veditz > > > > -- > Giorgio Maone > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaon > e.net%2F&data=04%7C01%7CJun.Kokatsu%40microsoft.com%7C280bea4edb26 > 47eb857508d8de5a9914%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C6375 > 03828248139133%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l > uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=%2Fr3gQcfuwAJTta6 > bwE36Jwvp0fISjXlV2tuwcpGXVJU%3D&reserved=0 > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmao > ne.net%2F&data=04%7C01%7CJun.Kokatsu%40microsoft.com%7C280bea4edb2 > 647eb857508d8de5a9914%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637503828248139133%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=%2Fr3gQcfuwAJTta6bwE36Jwvp0fISjXlV2tuwcpGXVJU%3D&reserved=0> > > > > > > -- > -
Received on Monday, 8 March 2021 08:37:57 UTC