No but we are hoping to go to CR in July or August (i.e. before TPAC)
Other comments:
This is a data processing algorithm rather than an interaction specification and so the nature of the input data is what determines whether security is or isn't a risk. We have highlighted the danger of 'dataset poisoning' - i.e. attempting to overload or crash the process by using a dataset that has certain features. Implementations can spot this danger and abort the process.
We have conducted a self-review of our spec RDF Dataset Canonicalization and the results can be found at https://github.com/w3c/rdf-canon/issues/70
Please check our findings.
Other comments: This is a data processing algorithm rather than an interaction specification and so the nature of the input data is what determines whether security is or isn't a risk. We have highlighted the danger of 'dataset poisoning' - i.e. attempting to overload or crash the process by using a dataset that has certain features. Implementations can spot this danger and abort the process.