TAG response to your comments on "Issues of concern to the TAG"

Jeff,

On its teleconference of 16 February 2012, the TAG considered the questions
you raised in your response [1] to our note titled "Issues of concern to
the TAG". I have been asked to convey to you the following responses:

Jeff Jaffe wrote [regarding weaknesses in the Certificate Authority system]:

> While this is clearly a problem for the Web, it is less clear to me who
> the TAG thinks should be addressing the topic.  If the issues are SSL
> security, it would presumably be addressed at the IETF.  Did the TAG
> decompose the problem enough to identify who should be doing what?

We agree that the technical work will likely happen outside the TAG and
much of it will be outside the W3C. The TAG, and perhaps those in the
Security Activity in W3C, need to continue to monitor the impact of these
threats to the health of the Web, and to work with IETF and others to
ensure that the solutions are as satisfactory as possible. We note that
there is active liaison between the security directorate at IETF and the
Security Activity at W3C, and of course there is also overall W3C to IETF
coordination, which is managed on the W3C side by Philippe le Hegaret and
Thomas Roessler, and for IETF by Mark Nottingham. We suggest that the W3C
Security Activity ensure that other concerned WGs are aware of the
problems with the CA system.

Jeff Jaffe wrote [...also regarding the CA system...]:

> Among many other important concerns, the impact on the W3C
> specifications level needs to be assessed.

We agree. We expect that individual working groups should take the lead in
dealing with impact on particular specifications, and as noted above, the
TAG will continue to play an oversight role, being alert for new issues, or
for impact on specifications that others are missing.

Jeff Jaffe wrote [regarding mobile Web apps. vs. native apps]:

> This is a key area of concern.  Did the TAG produce a specific list of
> features that would be appropriate for the Web platform to help it catch
> up in areas where it is currently behind?

Only insofar as we included a high-level list in our note [2] to you. We
believe the people in charge of groups relating to mobile Web applications
are tracking these things in detail. Our goal in this note was to signal
that, at a high level, there is both reason for concern about the likely
success of our overall effort, and reason for optimism that a focused
effort can succeed.

Jeff Jaffe wrote [regarding distributed extensibility and vendor prefixes]:

> Did the TAG discuss solutions? My instinct is that there is an
> opportunity to address this by speeding up the pace of standardization.
> If everyone is using the same approach - why should everyone call it
> "webkit", why can't we just agree?

In the particular case cited, which is CSS, there is very active work in
the working group to improve the situation. If successful, that effort
should settle the question of when to use -webkit and when not (we note
that Webkit engines have 90+% market share on mobile, and that's
contributing to the confusion between vendor-specific and ubiquitous
features.) The TAG has at times started work in the general area of
extensibility, but we are not currently focusing on this.

Thank you very much.

Noah Mendelsohn
for the W3C Technical Architecture Group

[1] http://lists.w3.org/Archives/Public/www-tag/2012Feb/0054.html
[2] http://lists.w3.org/Archives/Public/www-tag/2012Feb/0049.html

Tracker: this note addresses TAG ACTION-671

Received on Monday, 20 February 2012 22:42:40 UTC