Note: This ballot was opened for revision 00-09 and is now closed.
Ballot question: "Do we approve of this charter?"
(Alexey Melnikov) Yes
Deborah Brungard No Objection
Alissa Cooper No Objection
Roman Danyliw No Objection
Comment (2020-03-05 for -00-16)
I agree with Ben Kaduk that the goal of "Address[ing] the threat model of a website compromised after a user first uses the site." requires clarification.
Benjamin Kaduk (was Block) No Objection
Comment (2020-02-26 for -00-14)
It's not entirely clear to me whether "low latency to load a subresource" fits better as a primary or secondary goal.

We say we'll try to have security and privacy properties "as close as practical to TLS 1.3". Do we have a sense for how much distance we are willing to accept (vs. conceding that we cannot uphold our security and privacy requirements and produce something that satisfies the key goals) and still publish?

When we say that we will try to "address the threat model of a website compromised after a user first uses the site", I'm not entirely clear on which properties we're trying to preserve in the face of such threats.

Regarding the "automatic discovery" non-goal, does this preclude a way for a website to indicate how to retrieve an offline-usable version of a resource when that resource is being fetched "on-line"?

Are there other IETF WGs (in addition to W3C and WHATWG) that might have some knowledge about security and privacy models for the web?
(Suresh Krishnan) No Objection
(Mirja Kühlewind) (was Block) No Objection
Comment (2020-03-04 for -00-16)
Thanks for addressing and clarifying my block points on any transport-related potential touch points! The charter seems fine to me now to move on. I think my old comments below are still valid though (for the record mainly). One editorial comment: I find the chosen form of listing goals rather than writing text that describes the scope of the work not very reader-friendly (at least more the main/key goals). I think text instead of quite short bullet points would be more meaningful and would probably have avoided some of the discussion/confusion we had about this charter. Further, I agree with Ben that this part is not very clear and could be better scoped: "Security and privacy properties of using authenticated bundles as close as practical to TLS 1.3 transport of the same resources."