I support this recharter (disclaimer: I'm a co-chair so of course I do).
-Dan Veditz
On Fri, Feb 22, 2019 at 5:29 PM L. David Baron wrote:
> The W3C is proposing a revised charter for:
>
> Web Application Security (WebAppSec) Working Group
> https://www.w3.org/2019/02/webappsec-2019-proposed
The W3C is proposing a revised charter for:
Web Application Security (WebAppSec) Working Group
https://www.w3.org/2019/02/webappsec-2019-proposed-charter.html
https://lists.w3.org/Archives/Public/public-new-work/2019Feb/0010.html
Mozilla has the opportunity to send comments or objections th
On Wed, Feb 11, 2015 at 2:02 AM, Mike West wrote:
>
>
>> https://mikewest.github.io/internetdrafts/origin-cookies/draft-west-origin-cookies-00.html
>>
>> https://mikewest.github.io/internetdrafts/first-party-cookies/draft-west-first-party-cookies-00.html
>>
>> Not many people are interested thus
Daniel Veditz wrote:
> On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron wrote:
>>
>> (1) The "Confinement with Origin Web Labels" deliverable is described
>> in a way that makes it unclear what the deliverable would do. It
>> should be clearer. Furthermore, the lack of clarity means we
On Wed, Feb 11, 2015 at 12:47 AM, Daniel Veditz wrote:
> A new version of the charter has been uploaded that hopefully addresses
> these objections
>
> On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron
> wrote:
>
>> (1) The "Confinement with Origin Web Labels" deliverable is described
>> in a
On Wed, Feb 11, 2015 at 11:20 AM, Jonas Sicking wrote:
> On Wed, Feb 11, 2015 at 1:52 AM, Anne van Kesteren
> wrote:
> > On Wed, Feb 11, 2015 at 10:42 AM, Jonas Sicking
> wrote:
> >> Has the group looked at expanding the feature set of cookies to allow
> >> better CSRF protection?
> >
> > Mike
On Wed, Feb 11, 2015 at 1:52 AM, Anne van Kesteren wrote:
> On Wed, Feb 11, 2015 at 10:42 AM, Jonas Sicking wrote:
>> Has the group looked at expanding the feature set of cookies to allow
>> better CSRF protection?
>
> Mike has:
>
>
> https://mikewest.github.io/internetdrafts/origin-cookies/dr
On Wed, Feb 11, 2015 at 10:52 AM, Anne van Kesteren
wrote:
> On Wed, Feb 11, 2015 at 10:42 AM, Jonas Sicking wrote:
> > Has the group looked at expanding the feature set of cookies to allow
> > better CSRF protection?
>
This doesn't seem like a good fit for WebAppSec. Various IETF groups have
g
On Wed, Feb 11, 2015 at 10:42 AM, Jonas Sicking wrote:
> Has the group looked at expanding the feature set of cookies to allow
> better CSRF protection?
Mike has:
https://mikewest.github.io/internetdrafts/origin-cookies/draft-west-origin-cookies-00.html
https://mikewest.github.io/internetd
On Wed, Feb 11, 2015 at 12:47 AM, Daniel Veditz wrote:
> (2) The "Entry Point Regulation for Web Applications" deliverable seems
>>
>> to have serious risks of breaking the ability to link. It's not
>> clear that the security benefits of this specification outweigh the
>> risks to the
A new version of the charter has been uploaded that hopefully addresses
these objections
On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron wrote:
> (1) The "Confinement with Origin Web Labels" deliverable is described
> in a way that makes it unclear what the deliverable would do. It
> s
On Fri, Jan 30, 2015 at 3:15 PM, L. David Baron wrote:
> On Friday 2015-01-30 11:14 +0100, Anne van Kesteren wrote:
> > On Fri, Jan 30, 2015 at 7:32 AM, L. David Baron
> wrote:
> > > I'm particularly interested in review of point (3) in what I've
> written;
> > > I feel that the argument I've wr
On Fri, Jan 30, 2015 at 10:40 PM, Brian Smith wrote:
> Anyway, my point isn't to suggest that Mozilla should ask for this
> item to be removed from the charter. Rather, my point is that this
> item has some pretty big, non-obvious ramifications (not just related
> to tracking) that Mozilla should
On Sat, Jan 31, 2015 at 12:15 AM, L. David Baron wrote:
> My understanding is that the objections to powerfulfeatures are over
> the possibility of powerfulfeatures defining what is and isn't a
> powerful feature, because that should be decided primarily by the
> group developing the feature.
It'
L. David Baron wrote:
> Is the argument you're making that if the site can serve the ads
> from the same hostname rather than having to use a different
> hostname to get same-origin protection, then ad-blocking (or
> tracking-blocking) tools will no longer be able to block the ads?
Yes.
Anyway,
Please note the need to liaise with the groups that are affected by the
permissions work. Otherwise, this is good.
On Fri, Jan 30, 2015 at 3:20 PM, L. David Baron wrote:
> Here's a revised set of comments, mainly changing:
>
> - describes the objection to powerfulfeatures (part of objection (3
This seems good to me.
On Fri, Jan 30, 2015 at 3:20 PM, L. David Baron wrote:
> Here's a revised set of comments, mainly changing:
>
> - describes the objection to powerfulfeatures (part of objection (3))
> more clearly, but also, I think, scopes the objection a bit more
> narrowly
>
> -
Here's a revised set of comments, mainly changing:
- describes the objection to powerfulfeatures (part of objection (3))
more clearly, but also, I think, scopes the objection a bit more
narrowly
- makes objection (2) more explicit about being satisfied by an
option not to complete the
On Friday 2015-01-30 11:14 +0100, Anne van Kesteren wrote:
> On Fri, Jan 30, 2015 at 7:32 AM, L. David Baron wrote:
> > I'm particularly interested in review of point (3) in what I've written;
> > I feel that the argument I've written so far is weak, I think because I
> > don't particularly unders
On Friday 2015-01-30 10:18 -0800, Eric Rescorla wrote:
> I think there's some competence there, certainly, but I'm not convinced
> it represents a balanced set of the views on this topic. If there is to
> be oversight, it should probably be at that TAG level, IMHO.
For many topics, oversight from
On Fri, Jan 30, 2015 at 2:14 AM, Anne van Kesteren wrote:
> Thanks David!
>
> On Fri, Jan 30, 2015 at 7:32 AM, L. David Baron wrote:
> > I'm particularly interested in review of point (3) in what I've written;
> > I feel that the argument I've written so far is weak, I think because I
> > don't
This seems satisfactory to me.
On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron wrote:
> Here are the comments I have so far on this charter, based on the
> thread. I'd note that this is a relatively large set of demands to make
> in the charter review stage at the AC, especially for a recharte
On Friday 2015-01-30 08:54 -0800, Daniel Veditz wrote:
> On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron wrote:
>
> > There are a number of problematic aspects to this charter to which
> > we object:
> >
> > (1) The "Confinement with Origin Web Labels" deliverable is described
> > in a way t
On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron wrote:
> There are a number of problematic aspects to this charter to which
> we object:
>
> (1) The "Confinement with Origin Web Labels" deliverable is described
> in a way that makes it unclear what the deliverable would do. It
> should
Thanks David!
On Fri, Jan 30, 2015 at 7:32 AM, L. David Baron wrote:
> I'm particularly interested in review of point (3) in what I've written;
> I feel that the argument I've written so far is weak, I think because I
> don't particularly understand the concerns about the powerfulfeatures
> draft
On Thu, Jan 29, 2015 at 10:27 PM, Eric Rescorla wrote:
> On Thu, Jan 29, 2015 at 12:56 PM, L. David Baron wrote:
>> On Friday 2015-01-16 09:58 +0100, Anne van Kesteren wrote:
>>> Also, can we request that they adopt a public asynchronous decision
>>> policy? I think we should start making that re
Here are the comments I have so far on this charter, based on the
thread. I'd note that this is a relatively large set of demands to make
in the charter review stage at the AC, especially for a recharter of a
WG that we're involved in. So it may come across to W3C staff as
somewhat demanding.
I'
On Sunday 2015-01-18 21:00 -0800, Brian Smith wrote:
> L. David Baron wrote:
> > http://www.w3.org/2014/12/webappsec-charter-2015.html
>
> Please see the threads at
>
> [1] https://lists.w3.org/Archives/Public/public-webappsec/2014Nov/0179.html
> [2]
> https://groups.google.com/d/topic/mozill
On Thu, Jan 29, 2015 at 1:59 PM, L. David Baron wrote:
> > Is this arguably a violation of the priority of constituencies principle?
> > It seems like it may serve the site more than the user.
>
> Do you want to insist that it be removed from the charter, or is
> this something you think should b
On Thursday 2015-01-29 13:27 -0800, Eric Rescorla wrote:
> On Thu, Jan 29, 2015 at 12:56 PM, L. David Baron wrote:
>
> > On Friday 2015-01-16 09:58 +0100, Anne van Kesteren wrote:
> > > On Fri, Jan 16, 2015 at 12:53 AM, L. David Baron
> > wrote:
> > > > Please reply to this thread if you think t
On Thu, Jan 29, 2015 at 12:56 PM, L. David Baron wrote:
> On Friday 2015-01-16 09:58 +0100, Anne van Kesteren wrote:
> > On Fri, Jan 16, 2015 at 12:53 AM, L. David Baron
> wrote:
> > > Please reply to this thread if you think there's something else we
> > > should say, or if you think we should
On Friday 2015-01-16 09:58 +0100, Anne van Kesteren wrote:
> On Fri, Jan 16, 2015 at 12:53 AM, L. David Baron wrote:
> > Please reply to this thread if you think there's something else we
> > should say, or if you think we should support the charter.
>
> I think in general it's fine, but there's
L. David Baron wrote:
> The W3C is proposing a revised charter for:
>
> Web Application Security Working Group
> http://www.w3.org/2014/12/webappsec-charter-2015.html
> https://lists.w3.org/Archives/Public/public-new-work/2014Dec/0008.html
>
> Mozilla has the opportunity to send comments, ob
On Fri, Jan 16, 2015, at 08:58 AM, Anne van Kesteren wrote:
> On Fri, Jan 16, 2015 at 12:53 AM, L. David Baron
> wrote:
> > Please reply to this thread if you think there's something else we
> > should say, or if you think we should support the charter.
>
> I think in general it's fine, but the
On Fri, Jan 16, 2015 at 12:58 AM, Anne van Kesteren wrote:
> * "Permissions API" this has been tried several times before. Given
> that there's hardly any involvement from UX in standards, it's not
> clear that this is a good idea. See also
> http://robert.ocallahan.org/2011/06/permissions-for-web
On Fri, Jan 16, 2015 at 9:31 AM, Martin Thomson wrote:
> On Fri, Jan 16, 2015 at 12:58 AM, Anne van Kesteren
> wrote:
>
> > * "Permissions API" this has been tried several times before. Given
> > that there's hardly any involvement from UX in standards, it's not
> > clear that this is a good ide
On Fri, Jan 16, 2015 at 12:58 AM, Anne van Kesteren
wrote:
> * "Permissions API" this has been tried several times before. Given
> that there's hardly any involvement from UX in standards, it's not
> clear that this is a good idea. See also
>
> http://robert.ocallahan.org/2011/06/permissions-for-
On Fri, Jan 16, 2015 at 12:53 AM, L. David Baron wrote:
> Please reply to this thread if you think there's something else we
> should say, or if you think we should support the charter.
I think in general it's fine, but there's a couple things:
* "Confinement with Origin Web Labels" the descript
The W3C is proposing a revised charter for:
Web Application Security Working Group
http://www.w3.org/2014/12/webappsec-charter-2015.html
https://lists.w3.org/Archives/Public/public-new-work/2014Dec/0008.html
Mozilla has the opportunity to send comments, objections, or support
through Friday
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform