- From: Noah Mendelsohn <nrm@arcanedomain.com>
- Date: Mon, 20 Feb 2012 17:42:13 -0500
- To: Jeff Jaffe <jeff@w3.org>, "www-tag@w3.org" <www-tag@w3.org>
- CC: Thomas Roessler <tlr@w3.org>, Philippe Le Hegaret <plh@w3.org>, Mark Nottingham <mnot@mnot.net>
Jeff, On its teleconference of 16 February 2012, the TAG considered the questions you raised in your response [1] to our note titled "Issues of concern to the TAG". I have been asked to convey to you the following responses: Jeff Jaffe wrote [regarding weaknesses in the Certificate Authority system]: > While this is clearly a problem for the Web, it is less clear to me who > the TAG thinks should be addressing the topic. If the issues are SSL > security, it would presumably be addressed at the IETF. Did the TAG > decompose the problem enough to identify who should be doing what? We agree that the technical work will likely happen outside the TAG and much of it will be outside the W3C. The TAG, and perhaps those in the Security Activity in W3C, need to continue to monitor the impact of these threats to the health of the Web, and to work with IETF and others to ensure that the solutions are as satisfactory as possible. We note that there is active liaison between the security directorate at IETF and the Security Activity at W3C, and of course there is also overall W3C to IETF coordination, which is managed on the W3C side by Philippe le Hegaret and Thomas Roessler, and for IETF by Mark Nottingham. We suggest that the W3C Security Activity ensure that other concerned WG's are aware of the problems with the CA system. Jeff Jaffe wrote [...also regarding the CA system...]: > Among many other important concerns, the impact on the W3C > specifications level needs to be assessed." We agree. We expect that individual working groups should take the lead in dealing with impact on particular specifications, and as noted above, the TAG will continue to play an oversight role, being alert for new issues, or for impact on specifications that others are missing. Jeff Jaffe wrote [regarding mobile Web apps. vs. native apps]: > This is a key area of concern. Did the TAG produce a specific list of > features that would be appropriate for the Web platform to help it catch > up in areas where it is currently behind? Only insofar as we included a high-level list in our note [2] to you. We believe the people in charge of groups relating to mobile Web applications are tracking these things in detail. Our goal in this note was to signal that, at a high level, there is both reason for concern about the likely success of our overall effort, and reason for optimism that a focused effort can succeed. Jeff Jaffe wrote [regarding distributed extensibility and vendor prefixes]: > Did the TAG discuss solutions? My instincts is that there is an > opportunity to address this by speeding up the pace of standardization. > If everyone is using the same approach - why should everyone call it > "webkit", why can't we just agree? In the particular case cited, which is CSS, there is very active work in the working group to improve the situation. If successful, that effort should settle the question of when to use -webkit and when not (we note that Webkit engines have 90+% market share on mobile, and that's contributing to the confusion between vendor-specific and ubiquitous features.) The TAG has at times started work in the general area of extensibility, but we are not currently focusing on this. Thank you very much. Noah Mendelsohn for the W3C Technical Architecture Group [1] http://lists.w3.org/Archives/Public/www-tag/2012Feb/0054.html [2] http://lists.w3.org/Archives/Public/www-tag/2012Feb/0049.html Tracker: this note addresses TAG ACTION-671
Received on Monday, 20 February 2012 22:42:40 UTC