ep38 Monthly Web 201805
- published_at
- 2018-06-07
- guest
- @myakura
- toc
-
headings
Theme
第 38 回のテーマは 2018 年 5 月の Monthly Web です。
Show Note
Chrome 動向
- Stable: 67
-
Google I/O
- Chromium Blog: The State of the Web at Google I/O 2018
- Official Google Webmaster Central Blog: Google I/O 2018K - What sessions should SEOs and Webmasters watch live ?
- Schedule
-
The web: state of the union
- https://www.youtube.com/watch?v=Ay-mdLMDtbs
- overview としてはこのへん
-
Building a seamless web
- https://www.youtube.com/watch?v=Wi_PhaFdjlo
- WebPackaging, Feature Policy, Layered APIs, Portals など
- https://github.com/KenjiBaheux/portals/blob/master/explainer.md
- PWA starter kit: build fast, scalable, modern apps with Web Components
- Lessons from Spectre and Meltdown, and how the whole web is getting safer
-
What's new in web accessibility
- https://www.youtube.com/watch?v=wkvslBGkhZY
- DevTools の A11y panel と、 AOM のはなし
- etc
-
Updates
-
New in Chrome 67
- https://developers.google.com/web/updates/2018/05/nic67
- desktop pwa
- generic sensor api
- bigint
-
Deprecations and removals in Chrome 67
- https://developers.google.com/web/updates/2018/04/chrome-67-deps-rems
-
Deprecate HTTP-Based Public Key Pinning
- Expect-CT に移行し HPKP は 69 で削除
- blog
- Deprecate AppCache on Non-secure Contexts
-
Layout 以下が削除
-webkit-box-flex-group-webkit-line-clamp-webkit-box-lines
-
Deprecation policy
- API 削除に関するポリシーの説明
- ML で intent to deprecate
- console で warning
- 利用量を監視して減ったら削除
- https://www.chromestatus.com/features#deprecated か #removed に一覧
- https://www.chromium.org/blink#TOC-Launch-Process:-Deprecation
-
What's New In DevTools (Chrome 68)
- https://developers.google.com/web/updates/2018/05/devtools
- Eager Evaluation
- Argument hints
- Function autocompletion
- ES2017 keywords in the Console: top level await の補完など
- Lighthouse 3.0 in the Audits panel
- BigInt support
- Adding property paths to the Watch pane
- "Show timestamps" moved to Settings.
-
Announcing Lighthouse 3.0
- https://developers.google.com/web/updates/2018/05/lighthouse3
- csv/json 出力サポート
- First Contentful Paint
- スコアリングの変更
- etc
- BigInt: arbitrary-precision integers in JavaScript
-
Google URL Shortener から Firebase Dynamic Links へ
- https://developers-jp.googleblog.com/2018/05/transitioning-google-url-shortener.html
- goo.gl の URL はもう作れんない、既存のものは存続
- Firebase の API で *.app.goo.gl が作れる
- アプリの連携なども含め高機能
- Welcome to the immersive web
-
Progressive Web Apps on the Desktop
- https://developers.google.com/web/updates/2018/05/dpwa
- Chrome OS のみ Desktop で install できる
- Win, Mac, Linux などは対応中
- Using Lighthouse To Improve Page Load Performance
-
First Input Delay
- https://developers.google.com/web/updates/2018/05/first-input-delay
- インタラクションしてから、実際に操作が開始できるまでの時間という指針
- ユーザの実際の不満や苦痛を反映しやすい
- Polyfill を作り、 Performance Timing API にも反映させたい
- CrUX にも FID の項目を追加したい
- などなど
- https://github.com/GoogleChromeLabs/first-input-delay
-
Enabling Strong Authentication with WebAuthn
- https://developers.google.com/web/updates/2018/05/webauthn
- Credential Management API の拡張で FIDO U2F 対応
- blog
-
Chromium Blog: Evolving Chrome's security indicators
- https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html
- Chrom 70 から HTTPS を緑にするのではなく、 HTTP を赤(form input 時)にする
- Beyond SPAs: alternative architectures for your PWA
-
New in Chrome 67
-
Intents
- Ship: Keyboard lock
-
Ship: WebRTC Unified Plan SDP format control flag
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/B1Yr62txfwQ/5DINeHoSCAAJ
- https://groups.google.com/forum/#!msg/discuss-webrtc/x8lcqHRlWmA/FPBK41WaBgAJ
- RTCPeerConnection に "Unified Plan" / "JSEP" で SPD を切り替える
- Ship: DOMMatrix Transformations on Canvas
- Ship: CSS Scroll Snap
-
Ship: Reporting and Network Error Logging
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/nNji_u7BRxo/Zh8Y9hRlBAAJ
- NEL Response Header でネットワーク関係のエラーを Reporting に載せられる
-
Ship: Add referrerpolicy attribute support to
<script>elements - Ship: Page Lifecycle - to enable system initiated Discarding & Freezing
- Ship: Array.prototype.{flat,flatMap}
- Ship: Double-position gradient color stop syntax
- Implement and Ship: filtered elements establish containing blocks
- Implement and Ship: AnimationEvent.pseudoElement
-
Implement and Ship: Push API : Allow passing a base64url-encoded value to
applicationServerKey - Implement and Ship: RTCRtpTransceiver
- Implement and Ship: Make CSSOM APIs append rather than replace slots in the declaration block
- Implement and Ship: Don't allow popups during page unload
-
Implement and Ship: CSS Logical Properties and Values
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/48OwfwZrbvI/yIElvmbkCQAJ
- 絶対方向ではなく、相対方向にすることで R2L 言語にも対応
- Implement: IntersectionObserver V2 -- Occlusion Reporting
-
Implement:
<virtual-list>element layered API- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/5411pauM9e8/aX4K4wz6DgAJ
- Lapis の high level custom element
-
Implement: async local storage layered API
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/suT7pB2M9L0/ZuA8AQz6DgAJ
- Lapis の high level api
- Implement: Gamepad Touchpad
- Implement: Picking echo canceller for getUserMedia
-
Implement: WebGPU
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/dxqWTSvyhDg/1UDaFD17AQAJ
- WebGL よりも低レベルで、より直接的に GPU を使うための API
- 仕様のディスカッションをしてる CG は Apple が昨年提案
-
Implement: Layered API infrastructure
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/MFbJuzA5tH4/t6Q-LZHpAgAJ
- import の URL で pipe を使ってフォールバックできるように
-
Implement: Intervention reports
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/83uwiEBHMGc/jF8BDFIrCAAJ
- intervention が発生したことを Reporting API や Reporting Observer で取得する
- intervention: ユーザのためにブラウザが意図して挙動を変えること
- ex) popupblock, event listener to passive, block document.write etc
- https://github.com/WICG/interventions/blob/master/README.md
- https://docs.google.com/presentation/d/1yD5nmmzQGAbV6Zn3aiuEOAFccgbWjXomLCDFM4dYMF4
- Implement: RTCQuicTransport & RTCIceTransport
-
Implement: Scroll to CSS selector
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/aKI6doxffgQ/7dzrVvo4CAAJ
- id だけではなくセレクタでリンクを貼れる
- Implement: TextEncoderStream and TextDecoderStream APIs
-
Implement: The
Sec-MetadataHTTP request header. - Experiment: Kaby Lake VP8 acceleration on ChromeOS
- Experiment: Picture-in-Picture (PiP)
- Experiment: Deferred/lazy Document::UpdateStyle
- Extend Origin Trial: Experimental support for native AEC
- PSA: Incremental Shadow DOM is launching
- Change:
- Unship:
- Remove: currencySystem in PaymentRequest API
- Remove: sequence version of supportedMethods in PaymentRequest API
- Deprecate and Remove: Document#selectedStylesheetSet/preferredStylesheetSet
- Deprecate and Remove: remove HTMLFrameSetElement's anonymous getter
- Site Isolation Status - M66 Stable Trial
- Site Isolation Status - Preparing for M67
-
Team Weekly Snippet
- Platform Architecture Team snippet
-
v8
- V8 JavaScript Engine: Adding BigInts to V8
- V8 JavaScript Engine: V8 release v6.7
-
AMP
- Dynamic geo-personalization
- AMP and Advertising Conversions
- New functionality to help manage user choice in AMP pages
- Join the AMP team at Google I/O 2018!
- A first look at using web packaging to improve AMP URLs
- AMP at Google I/O: Strengthening the AMP ecosystem
- Dynamic geo-personalization
-
Other
-
How to post a task to recalc style during layout
- https://groups.google.com/a/chromium.org/forum/#!msg/layout-dev/gQ6mqKCquSQ/LNjxv9f-BQAJ
- "maximum-downscaling-image" という feature-policy を実装しているらしい
- 画像が表示ボックスより倍以上大きい場合、画像を反転させてレンダリングする
-
Async local storage - Chrome Platform Status
- https://www.chromestatus.com/feature/6428344899862528
- 2 年くらい前に提案したら誰も取り合ってくれなかったのに Web Developers: Strongly positive らしい。
-
Introducing .app, a more secure home for apps on the web
- https://www.blog.google/topics/developers/introducing-app-more-secure-home-apps-web/
- https://developers-jp.googleblog.com/2018/05/introducing-app-more-secure-home-for.html
- https://developers.googleblog.com/2018/05/app-is-now-open-for-general-registration.html
- .app という gTLD 受付開始
- 最初から preload HSTS
- .dev も coming soon らしい
- Variable fonts and the digital revolution
- Google Developers Japan: セーフ ブラウジングで WebView を保護
-
Web Notifications API Support Now Available in FCM Send v1 API
- https://developers.googleblog.com/2018/05/web-notifications-api-support-now.html
- Firebase Cloud Messaging で Web Push
- blog この話が canary に入った
-
How to post a task to recalc style during layout
Firefox 動向
- Stable: 60
-
Updates
- Firefox 60 - Modules and More
- New in Firefox 61: Developer Edition
-
These Weeks in Firefox: Issue 37 - Firefox Nightly News
- https://blog.nightly.mozilla.org/2018/05/01/these-weeks-in-firefox-issue-37/
- Our implementation of Same Site Cookies landed and was uplifted to Firefox 60.
- Web Payments: The team has completed 58% of the Milestones 1 - 3 Backlog.
-
These Weeks in Firefox: Issue 38 - Firefox Nightly News
- https://blog.nightly.mozilla.org/2018/05/16/these-weeks-in-firefox-issue-38/
- Web Payments: Team has completed 66% of the Milestone 1 - 3 Backlog.
-
These Weeks in Firefox: Issue 39 - Firefox Nightly News
- https://blog.nightly.mozilla.org/2018/05/24/these-weeks-in-firefox-issue-39/
- Web Payments: Team has completed 74% of the entire Milestone 1 - 3 Backlog.
-
Intents
-
Ship: event.srcElement
- https://groups.google.com/forum/#!msg/mozilla.dev.platform/y9KU21IBFvo/dVwVG9b1DgAJ
- target の alias で IE 由来だけど、他もサポートしてるからサポートする
- Ship: media-capabilities
- Ship: WebSpeech synthesis on Android
- Implement & Ship:
- Implement: AudioWorklet
- Implement: Async Clipboard API
- Implement and Ship: import.meta in ES6 modules
- Experiment:
- Change:
- Unship:
- Remove:
- Unship: File.lastModifiedDate
- Unship: http-equiv cookies
- Unship: getPropertyCSSValue-related interfaces Rect, RGBColor, CSSValue, CSSPrimitiveValue and CSSValueList
- Unship: DOMAttrModified and DOMSubtreeModified event for changes via CSSOM
- Unship: XUL display values from content pages
- Unship: -moz-window-opacity / -moz-window-transform / -moz-window-transform-origin CSS properties
- Explore: A declarative low level graphics API that has a simple mapping to CSS
-
Ship: event.srcElement
-
Site Compat
-
Service workers and push notifications are disabled on Firefox 60 ESR
- https://www.fxsitecompat.com/en-CA/docs/2018/service-workers-and-push-notifications-are-disabled-on-firefox-60-esr/
- ESR では Service Worker は off になる
- アーキテクチャの変更が安定してないので ESR にはまだ入れないという判断
- File.lastModifiedDate has been removed
- Firefox 61 Developer Edition, upcoming keyboard event changes, and proper offline support
- removestream event has been removed from RTCPeerConnection
- FileReaderSync is no longer available in service workers
- online/offline events are no longer fired on document and document.body
- CSP referrer directive has been removed
- Support for Event.prototype.srcElement has been added
- CSSStyleDeclaration.getPropertyCSSValue() has been removed
- Type of CSS interface has been changed from function to object
- justify-items:auto has been renamed to legacy
- keydown and keyup events will soon be fired during IME composition
- grid-gap, grid-row-gap and grid-column-gap properties have been unprefixed
- Application Cache can no longer be used on insecure sites
- ::selection pseudo-element has been unprefixed
- navigator.registerProtocolHandler() can no longer be used on insecure sites
- CSSStyleDeclaration.getPropertyCSSValue() and related interfaces have been removed
- DOMPoint constructor no longer accepts DOMPointInit as argument; DOMQuad.bounds has been deprecated
- DOMAttrModified and DOMSubtreeModified events are no longer fired when style attribute is changed via CSSOM
- Most of non-standard CSS display values have been dropped
-
Service workers and push notifications are disabled on Firefox 60 ESR
-
Other
- Making a Web Thing on the ESP8266
- PSA: new helper class for MozPromise in DOM code
- Performance profiling improvements
- CDN, BCD, and SVG: MDN Changelog for April 2018
- Creating Web Things with Python, Node.js, and Java
- Progressive Web Apps core guides on MDN Web Docs
- Announcing MozillaBuild 3.2 Release
- New Policy: Marking Bugzilla bugs for features riding behind a pref
- Mozilla's 48-Hour Hackathon for a Better Internet
- Welcome Chris Lin, our new Vice President of IT
- We Asked People How They Feel About Facebook. Here's What They Said
- Debugging Modern Web Applications
-
GDPR
- https://blog.mozilla.org/blog/2018/05/23/the-general-data-protection-regulation-and-firefox/
- Changeset 232226 - WebKit
- European General Data Protection Regulation
-
A cartoon intro to DNS over HTTPS
- https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
- DoH の概要と DNS を暗号化する意味、 1.1.1.1 についてなど
- Baby's First Rust+WebAssembly module: Say hi to JSConf EU!
-
Shadow DOM was activated in Nightly today
- https://bugzilla.mozilla.org/1460069
- https://twitter.com/FirefoxNightly/status/1001104178146611202
- Shadow DOM が NIghtly で有効に
Safari 動向
- Stable: 11.1
-
Release Notes for Safari Technology Preview 55
- https://webkit.org/blog/8284/release-notes-for-safari-technology-preview-55/
- Added support for
calc()in webkit-gradient and cross-fade - Added allSamplesInTrackEnqueued event
-
Release Notes for Safari Technology Preview 56
- https://webkit.org/blog/8296/release-notes-for-safari-technology-preview-56/
- Implemented Intl.PluralRules
- Added support for stream APIs
- Added support for the WHATWG proposed From-Origin:same and From-Origin:same-site response headers with nested frame origin checking as an off by default experimental feature
-
Release Notes for Safari Technology Preview 57
- https://webkit.org/blog/8307/release-notes-for-safari-technology-preview-57/
- no longer run on macOS Sierra
-
Added initial support for the Cross-Origin-Options HTTP response header (was From-Origin)
- Migrate From-Origin to Cross-Origin-Resource-Policy:
-
Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy"
- https://trac.webkit.org/changeset/232499/webkit
- 収録くらいのタイミングでまた名前が変わってた
- Enabled the modern EME API by default
-
Other
- Visualizing Layers in Web Inspector
-
Changeset 232226 - WebKit - [JSC] Rename Array#flatten to flat
- https://trac.webkit.org/changeset/232226/webkit
- Changeset 232404 in webkit - [JSC] Add Symbol.prototype.description getter
- https://trac.webkit.org/changeset/232404/webkit
Edge 動向
- Stable: EdgeHTML 17
-
MS Build:
- Web に関しては PWA 祭りという印象
- 資料と映像が上がってるものは資料のリンク
- Talking PWAs with Twitter
- Everything You Need to Know About PWAs
- Cboard: A Progressive Web App for Everyone (pptx)
- Starbucks Progressive Web App (pptx)
- Modernizing Twitter for Windows as a PWA (pptx)
- Building Progressive Web Apps (pptx)
- Designing for Everyone (ppt)
-
:decode 2018
- Web の話はあまり無かった模様
- https://www.microsoft.com/ja-jp/events/decode/2018/
-
Status Updates
- https://github.com/MicrosoftEdge/Status/compare/production@{2018-05-01}...production@{2018-06-01}
-
In development
- Credential Management API
- iframe[srcdoc] attribute
- WebP image format
-
Shipped
- CSP upgrade-insecure-requests directive
- Web Application Manifest
-
Under Consideration
- Object rest/spread properties
- Asynchronous Iterators
- Web Share API
-
EdgeHTML
-
What's new in Microsoft Edge in the Windows 10 April 2018 Update - Microsoft Edge Dev Blog
- https://blogs.windows.com/msedgedev/2018/04/30/edgehtml-17-april-2018-update/
- Automatically fill forms and credit card details
- Offline web sites and push notifications
- Expressive, performant typography with Variable Fonts
- Improved accessibility via ARIA 1.1 Roles, States, and Events
- Subresource Integrity / Upgrade-Insecure-Request
-
EdgeHTML17
- https://aka.ms/devguide_edgehtml_17
- https://docs.microsoft.com/en-us/microsoft-edge/dev-guide
- ARIA 1.1 Roles, States, and Events
- Media Capture API (screen capture)
- PWA
- SRI
- Variable Fonts
-
What's new in Microsoft Edge in the Windows 10 April 2018 Update - Microsoft Edge Dev Blog
-
Build Changelog
- Announcing Windows 10 Insider Preview Build 17666
- Announcing Windows 10 Insider Preview Build 17672
- Announcing Windows 10 Insider Preview Build 17677
-
Other
- Bringing Screen Capture to Microsoft Edge with the Media Capture API
- Introducing the Microsoft Edge DevTools Protocol
- 2018 年 5 月の Internet Explorer / Microsoft Edge の累積的なセキュリティ更新プログラムを公開しました
- Previewing support for same-site cookies in Microsoft Edge
- Get started with web push notifications
- New features for extensions in the Windows 10 April 2018 Update - Microsoft Edge Dev Blog
-
Exchange Server TLS guidance
- Exchange Server TLS guidance, part 1: Getting Ready for TLS 1.2 - You Had Me At EHLO ...
- Part 2: Enabling TLS 1.2 and Identifying Clients Not Using It - You Had Me At EHLO ...
- Part 3: Turning Off TLS 1.0/1.1 - You Had Me At EHLO ...
WHATWG/W3C 動向
- Recommendation
-
Proposed Recommendation
- Call for Review: Canonical EXI is a W3C Proposed Recommendation
- Call for Review: WebDriver is a W3C Proposed Recommendation
-
Candidate Recommendation
- W3C Invites Implementations of TTML Profiles for Internet Media Subtitles and Captions 1.1
- W3C Invites Implementations of WebVTT: The Web Video Text Tracks Format
- W3C Invites Implementations of Pointer Events - Level 2
- W3C Invites Implementations of CSS Writing Modes Level 4 and Updated CSS Writing Modes Level 3
- W3C Invites Implementations of CSS Containment Module Level 1
- Working Draft
-
First Public Working Draft
- First Public Working Draft: Data Catalog Vocabulary (DCAT) - revised edition
-
Chartering
- Proposed W3C Charter: JSON-LD Working Group
- Smart Contracts Community Group created
- Approved: Timed Text Working Group Revised Charter
-
Other
- New version of the Roadmap of Web Applications on Mobile
- W3C opens Advisory Board (AB) election
- New mailing list for discussing web packaging
- Interlinear Text Layout Community Group Proposed from Do Not Reply
- [css-grid] Status update Level 1 & Level 2
- WebRTC NV Use Cases
- W3C WAI Website and Resources Redesigned
-
[翻訳] 忙しい人のための W3C プロセス入門
- W3C Process for Busy People の翻訳
- https://github.com/w3c/wg-effectiveness/blob/master/process_jp.md
- W3C Workshop Report: Data Privacy Controls and Vocabularies
-
W3C Advisory Committee Elects Advisory Board
- https://www.w3.org/blog/news/archives/7049
- AB の Election 結果
- Michael Champion (Microsoft)
- Jay (Junichi) Kishigami (NTT)
- Charles McCathie Nevile (Yandex)
- Florian Rivoal (W3C Invited Expert)
- Natasha Rooney (GSMA)
- Tzviya Siegman (Wiley)
- David Singer (Apple)
- L é onie Watson (The Paciello Group)
- Judy Zhu (Alibaba).
- 退任: Tantek Ç elik (Mozilla) and Chris Wilson (Google)
TC39 動向
- agendas/05.md at master · tc39/agendas
-
Proposals Diff
- https://github.com/tc39/proposals/compare/master@{2018-05-01}...master@{2018-06-01}
-
0->1
- [unicode-sequence-properties]
- [module-keys]
- [static-blocks]
- [class-access-expressions]
- [matching]
- [regex-offsets]
-
1->2
- [object-from-entries]
- [top level await]
- [Function.prototype.toString() censorship]
- [set-methods]
- [well-formed-stringify]
- [realms]
- [numeric_separators]
-
2->3
- Array.prototype.{flat,flatMap}
- static-class-features
- symbol-description
-
3->4
- [optional-catch]
- [json-superset]
-
New Proposals
-
Symbol.thenable
- https://github.com/devsnek/proposal-symbol-thenable
Symbol.thenableという symbol
-
asdestructuring patterns]: zkat/proposal-as-patterns- https://github.com/zkat/proposal-as-patterns
const {x: {y} as x} = {x: {y: 1}}
-
static-blocks
- https://github.com/rbuckton/proposal-class-static-block#readme
- static {} で囲めるようにし、例外処理とかかけるように
-
class-access-expressions
- https://github.com/rbuckton/proposal-class-access-expressions
class C { static f(){} g(){ class.f(); }}- 自身の Class の static メソッドを呼ぶために class という構文を入れる
- matching
-
regex-offsets
- https://github.com/rbuckton/proposal-regexp-match-offsets
- 正規表現マッチ結果へ index からの相対でアクセス
- Intl.NumberFormat
- Intl.DateTimeFormat.prototype.formatRange
-
Symbol.thenable
-
Other
- approving a replacement name for Array.prototype.flatten (not smoosh)
IETF 動向
-
RFC
-
RFC 8392 - CBOR Web Token (CWT)
- https://tools.ietf.org/html/rfc8392
- Web Authentication API でも使ってるやつ RFC
-
RFC 8392 - CBOR Web Token (CWT)
-
IETF Last Call
- Last Call: (Bootstrapping WebSockets with HTTP/2) to Proposed Standard from The IESG
-
WG Last Call
- Expect-CT Extension for HTTP
- Call for Adoption
- I-D Action
-
Draft
-
The QUIC Latency Spin Bit
- https://tools.ietf.org/html/draft-ietf-quic-spin-exp-00
- https://devae.re/f/eth/quic/spinbit_report/
- 全部暗号化されていると RTT の最適化などができない
- 外から見える 1bit (spin bit) を用意する提案
- Client-Server 間でトグルしながら送り合う
- プライバシを守ったまま一定の効果を観測している
- The Harmful Consequences of the Robustness Principle
- Multicast DNS Discovery Relay
- TLS Downgrade protection extension for TLS DNSSEC Authentication Chain Extension
-
JSON Canonicalization Scheme (JCS)
- https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-00
- JSON 文字列から Hash をとったりする際に順番が変わるとまずい
- Key のソートや White Space などのルールを決める提案
- QPACK: Header Compression for HTTP over QUIC
-
GREASE for HTTP/2
- https://tools.ietf.org/html/draft-bishop-httpbis-grease-00
- Frame Type や Setting に対してグリス
- 知らない値をちゃんと無視するかどうか
- Reciprocal OAuth
- A JSON Meta Application Protocol (JMAP) Subprotocol for WebSocket
- Using secp256k1 with JOSE and COSE
- Using EAP-TLS with TLS 1.3
- Use of the Hash-based Signature Algorithm with CBOR Object Signing and Encryption (COSE)
-
The QUIC Latency Spin Bit
- Other
セキュリティ動向
-
SSL/TLS 暗号設定ガイドライン 第 2.0 版の公開
- https://www.cryptrec.go.jp/topics/cryptrec_20180508_gl_3001_2.0.html
- Cryptrec の SSL/TLS 暗号設定ガイドラインが 3 年ぶりに更新
- https://jovi0608.hatenablog.com/entry/2018/05/09/213703
- 大津さんのアンサー、間違いの指摘や X25519 253bit が適用外という点を指摘
- HTTPS 周りの話も混ざっているがその辺も微妙
-
EFAIL
- https://efail.de/
- PGP などで暗号化されたペイロードを HTML メールの
<img>タグのパスに埋めておく - メーラが暗号化を複合した結果を
<img>の fetch で外に投げてしまう - 色々な複合技だけど、抜本的な解決は HTML 無効くらいしかなさそう
- そうなると AMP for Email どうなるか
-
ADV180012 | Microsoft Guidance for Speculative Store Bypass
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
- Spectre/Meltdown の亜種である CVE-2018-3639 が発見される
- 最近 SameSite/SecMetadata/From-Origin などが動き始めてるのはやっぱりこのためなんだろうか。
- https://www.arturjanc.com/cross-origin-infoleaks.pdf
- サイバーセキュリティに関するグローバル動向四半期レポート(2018 年 1 月〜 3 月)を公開 | NTT データ
周辺動向
- Grid Level 2 and Subgrid
-
Custom domains on GitHub Pages gain support for HTTPS
- https://blog.github.com/2018-05-01-github-pages-custom-domains-https/
- Github Pages でカスタムドメイン HTTPS
- The Front-End Tooling Survey 2018 - Results - AshleyNolan.co.uk - Blog and Portfolio for Ashley Nolan
-
Redefining Web Performance
- https://noti.st/tkadlec/OOXqpJ/redefining-web-performance
- https://deltavconf.com/
- #deltaVconf なるものがあった
- Introduction to Web Development
-
QUIC
- Google's QUIC protocol: moving the web from TCP to UDP
- The headers we don't want
- The headers we want
- How do we Stop Spilling the Beans Across Origins?
-
https://twitter.com/johnwilander/status/1000792369258639360
- Apple のセキュリティエンジニアが
<ad>要素はどうかなあとツイート <ad src="https://ad.example" type="image" size="..." audience="fashion, vegan, comics" impression-report-src="https://ad.example/impression"></ad>- クレデンシャルとリファラは送られず、レポートに origin だけ送られる
- Apple のセキュリティエンジニアが
イベント
-
5 月
- 8-10: Google I/O 2018
- 8-10: MS Build
- 10-11: DeltaV Conference
-
10-11: Web5G Workshop
- https://www.w3.org/2017/11/web5g-workshop/sponsorship
- ETSI work on Next Generaton Protocols for 5G
- Cloud integration - The Browser As An App Platform
- WebXR and Web5G
- Scalable media delivery on the Web with HTTP Server Push
- 23: de:code 2018
-
25: GDPR (European General Data Protection Regulation)
- 各位お疲れ様です
-
6 月
- 4-8: WWDC
- 7 月
- 8 月
- 9 月
-
10 月
- 22-26: TPAC 2018 Lyon
-
11 月
- 12-14: Chrome Dev Summit