Security and Privacy appendix from Chris Lilley on 2015-10-06 (public-webfonts-wg@w3.org from October 2015)

From: Chris Lilley <chris@w3.org>
Date: Tue, 6 Oct 2015 21:55:15 +0200
To: "w3c-webfonts-wg (public-webfonts-wg@w3.org)" <public-webfonts-wg@w3.org>
Message-ID: <531729865.20151006215515@w3.org>

Hello folks,

Today I had a good discussion about WOFF2 with Wendy Seltzer, who
leads W3C's security and privacy work. She also pointed me towards an
model appendix which the TAG is developing, to codify the security and
privacy-related aspects of W3C specifications. We concluded that WOFF
by itself has few security or privacy concerns.

As a result of that discussion, I have added such an appendix to
WOFF2. Most of the questions are trivially answered in the negative;
in some cases I added additional clarifying information.

http://dev.w3.org/webfonts/WOFF2/spec/#security-privacy-considerations

That discussion, plus this appendix, should satisfy both the TAG and
also the WebAppSec WG requirements for security review for WOFF2.

-- 
Best regards,
 Chris  Lilley
 Technical Director, W3C Interaction Domain

Received on Tuesday, 6 October 2015 19:55:21 UTC