Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.

<hat="individual"> I support this very much.

On Tue, Jul 19, 2016 at 6:22 AM Mike West <> wrote:

> Hello, WebAppSec and TAG,
> This is a call for consensus to transition Secure Contexts to Candidate
> Recommendation with the document at:
> Since the last time we formally discussed this spec, we've cleaned up
> examples and algorithms based on some very helpful feedback from folks at
> Mozilla working on their implementation (thanks Boris and Jonathan!), as
> well as interested folks from the TAG and elsewhere (thanks to Anne and
> Domenic in particular).
> The core of the specification is already used in a number of
> specifications to gate certain features (like Service Workers) to contexts
> which offer guarantees about their usage, and browser vendors seem
> interested in implementing.
> One substantive change since the last time around is the sandbox behavior
> in
> which now defaults to forcing a sandboxed frame into "non-secure context"
> status, and requires a new 'allow-secure-context' token to allow the
> context to be treated as secure. It's not clear whether we can ship that
> change; it's marked as "at risk" pending gathering some metrics.
> Note also that this document references WHATWG documents in a few places
> where the W3C version is out of date. I'm sure we'll have some exciting
> conversations about those references:
> contains a complete list.
> The deadline for this CfC is in two weeks, on August 2nd. Feedback, both
> positive and negative is welcome, either directly to the list, or via some
> sort of clever emoji response to
> Thanks!
> -mike

Received on Wednesday, 20 July 2016 21:19:12 UTC