On Fri, Sep 18, 2009 at 6:00 PM, =JeffH <[email protected]> wrote: > We are interested in bringing this work to W3C WebApps Working Group as a > Recommendation-track specification. We are willing to license it under W3C > terms, we understand that it may change due to implementer or public > feedback, > and that should it be of interest to other implementors, we're willing to > contribute to editorial and test suite efforts. > > We're looking forward to the WebApps WG's feedback and comments.
This definitely looks very interesting. I am admittedly a bit worried about requests to one url to a server affecting any subsequent requests to not just that server, but also to any subdomain. I wonder for example if the client when receiving a Strict-Transport-Security header should make a request to the root url of the same origin to verify that the server indeed wants to opt in to STS. However, I definitely think this is a draft worth publishing in order to reach a broader group of people for comments. But, while I don't personally care which standards organization is in charge of publishing this, I suspect that you'll get the feedback that IETF is the correct place to publish this spec. / Jonas
