One of the suggested additions to "intent to implement" emails:
https://wiki.mozilla.org/WebAPI/ExposureGuidelines#Intent_to_Implement
is a statement regarding Security & Privacy concerns, because those
have often been noted as brief summary statements in some past "intent
to implement" emails.
There has been some discussion among various W3C/TAG etc. folks of
adding a security self-review to W3C specifications, based on this
strawman list of questions to answer (e.g. perhaps informatively in a
section in a spec)
https://mikewest.github.io/spec-questionnaire/security-privacy/
Until specs start publishing their answers to these security/privacy
questions, should we consider doing so at least as part of "Intent to
implement"?
Thoughts?
Tantek