
Security and Privacy

Self-Review Questionnaire: Security and Privacy:

This document lists a set of questions one could ask about the security and privacy impact of a new feature or specification. It is meant as a tool that groups or individuals can use as a guide during a self-review, pointing towards important questions in areas where expertise might be lacking.

It is not meant as a “security checklist”, nor does an editor or group’s use of this questionnaire obviate the editor or group’s responsibility to obtain “wide review” of a specification’s security and privacy properties before publication.

Very well-intended features can later be avenues for abuse. HSTS supercookies come to mind.