Re: Security and Privacy appendix from David Kuettel on 2015-10-06 (public-webfonts-wg@w3.org from October 2015)

From: David Kuettel <kuettel@google.com>
Date: Tue, 6 Oct 2015 14:16:25 -0700
To: Chris Lilley <chris@w3.org>
Cc: "w3c-webfonts-wg (public-webfonts-wg@w3.org)" <public-webfonts-wg@w3.org>
Message-ID: <CAAYUqgHvFqjVPo5YfFmcCZa0nhtUB20oEZKGAdqgbJo6Q3_5PA@mail.gmail.com>

Thank you Chris!  The security & privacy appendix looks great.

On Tue, Oct 6, 2015 at 12:55 PM, Chris Lilley <chris@w3.org> wrote:

> Hello folks,
>
> Today I had a good discussion about WOFF2 with Wendy Seltzer, who
> leads W3C's security and privacy work. She also pointed me towards an
> model appendix which the TAG is developing, to codify the security and
> privacy-related aspects of W3C specifications. We concluded that WOFF
> by itself has few security or privacy concerns.
>
> As a result of that discussion, I have added such an appendix to
> WOFF2. Most of the questions are trivially answered in the negative;
> in some cases I added additional clarifying information.
>
> http://dev.w3.org/webfonts/WOFF2/spec/#security-privacy-considerations
>
> That discussion, plus this appendix, should satisfy both the TAG and
> also the WebAppSec WG requirements for security review for WOFF2.
>
> --
> Best regards,
>  Chris  Lilley
>  Technical Director, W3C Interaction Domain
>
>
>

Received on Tuesday, 6 October 2015 21:17:40 UTC