I support this recharter (disclaimer: I'm a co-chair so of course I do).
-Dan Veditz
On Fri, Feb 22, 2019 at 5:29 PM L. David Baron wrote:
> The W3C is proposing a revised charter for:
>
> Web Application Security (WebAppSec) Working Group
>
The W3C is proposing a revised charter for:
Web Application Security (WebAppSec) Working Group
https://www.w3.org/2019/02/webappsec-2019-proposed-charter.html
https://lists.w3.org/Archives/Public/public-new-work/2019Feb/0010.html
Mozilla has the opportunity to send comments or objections
Daniel Veditz dved...@mozilla.com wrote:
On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron dba...@dbaron.org wrote:
(1) The Confinement with Origin Web Labels deliverable is described
in a way that makes it unclear what the deliverable would do. It
should be clearer. Furthermore, the
On Wed, Feb 11, 2015 at 2:02 AM, Mike West mk...@google.com wrote:
https://mikewest.github.io/internetdrafts/origin-cookies/draft-west-origin-cookies-00.html
https://mikewest.github.io/internetdrafts/first-party-cookies/draft-west-first-party-cookies-00.html
Not many people are interested
On Wed, Feb 11, 2015 at 10:42 AM, Jonas Sicking jo...@sicking.cc wrote:
Has the group looked at expanding the feature set of cookies to allow
better CSRF protection?
Mike has:
https://mikewest.github.io/internetdrafts/origin-cookies/draft-west-origin-cookies-00.html
On Wed, Feb 11, 2015 at 10:52 AM, Anne van Kesteren ann...@annevk.nl
wrote:
On Wed, Feb 11, 2015 at 10:42 AM, Jonas Sicking jo...@sicking.cc wrote:
Has the group looked at expanding the feature set of cookies to allow
better CSRF protection?
This doesn't seem like a good fit for WebAppSec.
A new version of the charter has been uploaded that hopefully addresses
these objections
On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron dba...@dbaron.org wrote:
(1) The Confinement with Origin Web Labels deliverable is described
in a way that makes it unclear what the deliverable would
On Wed, Feb 11, 2015 at 12:47 AM, Daniel Veditz dved...@mozilla.com wrote:
(2) The Entry Point Regulation for Web Applications deliverable seems
to have serious risks of breaking the ability to link. It's not
clear that the security benefits of this specification outweigh the
On Wed, Feb 11, 2015 at 1:52 AM, Anne van Kesteren ann...@annevk.nl wrote:
On Wed, Feb 11, 2015 at 10:42 AM, Jonas Sicking jo...@sicking.cc wrote:
Has the group looked at expanding the feature set of cookies to allow
better CSRF protection?
Mike has:
On Fri, Jan 30, 2015 at 10:40 PM, Brian Smith br...@briansmith.org wrote:
Anyway, my point isn't to suggest that Mozilla should ask for this
item to be removed from the charter. Rather, my point is that this
item has some pretty big, non-obvious ramifications (not just related
to tracking)
On Fri, Jan 30, 2015 at 3:15 PM, L. David Baron dba...@dbaron.org wrote:
On Friday 2015-01-30 11:14 +0100, Anne van Kesteren wrote:
On Fri, Jan 30, 2015 at 7:32 AM, L. David Baron dba...@dbaron.org
wrote:
I'm particularly interested in review of point (3) in what I've
written;
I feel
On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron dba...@dbaron.org wrote:
There are a number of problematic aspects to this charter to which
we object:
(1) The Confinement with Origin Web Labels deliverable is described
in a way that makes it unclear what the deliverable would do. It
On Friday 2015-01-30 08:54 -0800, Daniel Veditz wrote:
On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron dba...@dbaron.org wrote:
There are a number of problematic aspects to this charter to which
we object:
(1) The Confinement with Origin Web Labels deliverable is described
in a
On Fri, Jan 30, 2015 at 2:14 AM, Anne van Kesteren ann...@annevk.nl wrote:
Thanks David!
On Fri, Jan 30, 2015 at 7:32 AM, L. David Baron dba...@dbaron.org wrote:
I'm particularly interested in review of point (3) in what I've written;
I feel that the argument I've written so far is weak, I
Here's a revised set of comments, mainly changing:
- describes the objection to powerfulfeatures (part of objection (3))
more clearly, but also, I think, scopes the objection a bit more
narrowly
- makes objection (2) more explicit about being satisfied by an
option not to complete the
This seems satisfactory to me.
On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron dba...@dbaron.org wrote:
Here are the comments I have so far on this charter, based on the
thread. I'd note that this is a relatively large set of demands to make
in the charter review stage at the AC, especially
On Friday 2015-01-30 10:18 -0800, Eric Rescorla wrote:
I think there's some competence there, certainly, but I'm not convinced
it represents a balanced set of the views on this topic. If there is to
be oversight, it should probably be at that TAG level, IMHO.
For many topics, oversight from
Please note the need to liaise with the groups that are affected by the
permissions work. Otherwise, this is good.
On Fri, Jan 30, 2015 at 3:20 PM, L. David Baron dba...@dbaron.org wrote:
Here's a revised set of comments, mainly changing:
- describes the objection to powerfulfeatures (part
L. David Baron dba...@dbaron.org wrote:
Is the argument you're making that if the site can serve the ads
from the same hostname rather than having to use a different
hostname to get same-origin protection, then ad-blocking (or
tracking-blocking) tools will no longer be able to block the ads?
On Sat, Jan 31, 2015 at 12:15 AM, L. David Baron dba...@dbaron.org wrote:
My understanding is that the objections to powerfulfeatures are over
the possibility of powerfulfeatures defining what is and isn't a
powerful feature, because that should be decided primarily by the
group developing the
This seems good to me.
On Fri, Jan 30, 2015 at 3:20 PM, L. David Baron dba...@dbaron.org wrote:
Here's a revised set of comments, mainly changing:
- describes the objection to powerfulfeatures (part of objection (3))
more clearly, but also, I think, scopes the objection a bit more
Thanks David!
On Fri, Jan 30, 2015 at 7:32 AM, L. David Baron dba...@dbaron.org wrote:
I'm particularly interested in review of point (3) in what I've written;
I feel that the argument I've written so far is weak, I think because I
don't particularly understand the concerns about the
On Thu, Jan 29, 2015 at 10:27 PM, Eric Rescorla e...@rtfm.com wrote:
On Thu, Jan 29, 2015 at 12:56 PM, L. David Baron dba...@dbaron.org wrote:
On Friday 2015-01-16 09:58 +0100, Anne van Kesteren wrote:
Also, can we request that they adopt a public asynchronous decision
policy? I think we
On Thu, Jan 29, 2015 at 12:56 PM, L. David Baron dba...@dbaron.org wrote:
On Friday 2015-01-16 09:58 +0100, Anne van Kesteren wrote:
On Fri, Jan 16, 2015 at 12:53 AM, L. David Baron dba...@dbaron.org
wrote:
Please reply to this thread if you think there's something else we
should say,
On Friday 2015-01-16 09:58 +0100, Anne van Kesteren wrote:
On Fri, Jan 16, 2015 at 12:53 AM, L. David Baron dba...@dbaron.org wrote:
Please reply to this thread if you think there's something else we
should say, or if you think we should support the charter.
I think in general it's fine,
On Thursday 2015-01-29 13:27 -0800, Eric Rescorla wrote:
On Thu, Jan 29, 2015 at 12:56 PM, L. David Baron dba...@dbaron.org wrote:
On Friday 2015-01-16 09:58 +0100, Anne van Kesteren wrote:
On Fri, Jan 16, 2015 at 12:53 AM, L. David Baron dba...@dbaron.org
wrote:
Please reply to this
On Thu, Jan 29, 2015 at 1:59 PM, L. David Baron dba...@dbaron.org wrote:
Is this arguably a violation of the priority of constituencies principle?
It seems like it may serve the site more than the user.
Do you want to insist that it be removed from the charter, or is
this something you
Here are the comments I have so far on this charter, based on the
thread. I'd note that this is a relatively large set of demands to make
in the charter review stage at the AC, especially for a recharter of a
WG that we're involved in. So it may come across to W3C staff as
somewhat demanding.
On Sunday 2015-01-18 21:00 -0800, Brian Smith wrote:
L. David Baron dba...@dbaron.org wrote:
http://www.w3.org/2014/12/webappsec-charter-2015.html
Please see the threads at
[1] https://lists.w3.org/Archives/Public/public-webappsec/2014Nov/0179.html
[2]
L. David Baron dba...@dbaron.org wrote:
The W3C is proposing a revised charter for:
Web Application Security Working Group
http://www.w3.org/2014/12/webappsec-charter-2015.html
https://lists.w3.org/Archives/Public/public-new-work/2014Dec/0008.html
Mozilla has the opportunity to send
On Fri, Jan 16, 2015, at 08:58 AM, Anne van Kesteren wrote:
On Fri, Jan 16, 2015 at 12:53 AM, L. David Baron dba...@dbaron.org
wrote:
Please reply to this thread if you think there's something else we
should say, or if you think we should support the charter.
I think in general it's
On Fri, Jan 16, 2015 at 12:53 AM, L. David Baron dba...@dbaron.org wrote:
Please reply to this thread if you think there's something else we
should say, or if you think we should support the charter.
I think in general it's fine, but there's a couple things:
* Confinement with Origin Web
On Fri, Jan 16, 2015 at 12:58 AM, Anne van Kesteren ann...@annevk.nl
wrote:
* Permissions API this has been tried several times before. Given
that there's hardly any involvement from UX in standards, it's not
clear that this is a good idea. See also
On Fri, Jan 16, 2015 at 9:31 AM, Martin Thomson m...@mozilla.com wrote:
On Fri, Jan 16, 2015 at 12:58 AM, Anne van Kesteren ann...@annevk.nl
wrote:
* Permissions API this has been tried several times before. Given
that there's hardly any involvement from UX in standards, it's not
clear
On Fri, Jan 16, 2015 at 12:58 AM, Anne van Kesteren ann...@annevk.nl wrote:
* Permissions API this has been tried several times before. Given
that there's hardly any involvement from UX in standards, it's not
clear that this is a good idea. See also
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
signature.asc
Description: Digital signature
___
dev-platform mailing list
The W3C is proposing a revised charter for:
Web Application Security Working Group
http://www.w3.org/2014/12/webappsec-charter-2015.html
https://lists.w3.org/Archives/Public/public-new-work/2014Dec/0008.html
Mozilla has the opportunity to send comments, objections, or support
through
37 matches
Mail list logo