I'm currently planning to submit the following as a comment on the charter (mostly based on what Richard wrote, but somewhat reworded). Please let me know if you think this needs rewording.
-David
[X] Opposes this charter and requests that the group not be created
[Formal Objection]
The proposed charter does not list concrete deliverables, and many
of the previous proposals within this scope have been opposed
several times by browser vendors, for example because hardware
assets exposed to Javascript can be used as super-cookies, creating
a serious privacy concern.
Work in this space should happen in a community group or similar
forum until there are clearly identified deliverables, and those
deliverables have a clear explanation of how they fit with the Web's
security model and with the privacy interests of users.
We continue to support the related but better-focused work that is
happening in the Web Authentication WG and the Web Payments WG.
On Tuesday 2016-03-01 18:32 -0500, Richard Barnes wrote:
> Mozilla should oppose the formation of this working group. The charter
> fails to specify concrete deliverables, and many of the potential
> deliverables listed have been opposed several times by browser vendors,
> e.g., because hardware assets exposed to JS can be used as super-cookies.
>
> If anything is to be done here, it should be done in a community group or
> other forum until they have a story for what exactly they will be
> developing and how it fits with the web security model.
>
> On Mon, Feb 29, 2016 at 8:34 PM, L. David Baron <dba...@dbaron.org> wrote:
>
> > The W3C is proposing a charter for:
> >
> > Hardware Security Working Group
> > https://www.w3.org/2015/hasec/2015-hasec-charter.html
> > https://lists.w3.org/Archives/Public/public-new-work/2016Feb/0009.html
> >
> > Mozilla has the opportunity to send comments or objections through
> > Friday, April 1.
> >
> > Please reply to this thread if you think there's something we should
> > say as part of this charter review.
> >
> > (My understanding is that there is some concern that this work could
> > create supercookie-like features, which would be bad.)
> >
> > -David
> >
> > --
> > 𝄞 L. David Baron http://dbaron.org/ 𝄂
> > 𝄢 Mozilla https://www.mozilla.org/ 𝄂
> > Before I built a wall I'd ask to know
> > What I was walling in or walling out,
> > And to whom I was like to give offense.
> > - Robert Frost, Mending Wall (1914)
> >
> > _______________________________________________
> > dev-platform mailing list
> > dev-platform@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/dev-platform
> >
> >
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
--
𝄞 L. David Baron http://dbaron.org/ 𝄂
𝄢 Mozilla https://www.mozilla.org/ 𝄂
Before I built a wall I'd ask to know
What I was walling in or walling out,
And to whom I was like to give offense.
- Robert Frost, Mending Wall (1914)
signature.asc
Description: Digital signature
_______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
