Thoughts yesterday lunch w @bcrypt: @W3C specs too big/complex. How do we simplify WebAPIs to reduce security surface?

Thoughts yesterday lunch w @bcrypt:
@W3C specs too big/complex.
How do we simplify WebAPIs to reduce security surface?