W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

Re: Conventions for Sharing User Agent Profiles

From: Jeffrey Mogul <mogul@pa.dec.com>
Date: Wed, 14 Aug 96 11:48:40 MDT
Message-Id: <9608141848.AA13879@acetes.pa.dec.com>
To: Shel Kaphan <sjk@amazon.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/1343
    Also, the bit about the signing of the profiles might need a little
    thought, because it isn't necessarily the vendor that you want to
    have being responsible for the profile.  Vendors might be less
    likely to note bugs or count them as worth including.
The vendor is an obvious choice, both because the browser vendor
has an obvious incentive to keep the user relatively happy (at
least, until the browser market is back to being dominated by
a single vendor!) and because if you don't trust the vendor
who gave you the browser binary in the first place, you can't
really trust anything done with a browser profile.

It would not be too much of a stretch to imagine that a browser
would accept updates signed by either the original vendor or
by one of a predetermined set of trustworthy parties, such as
CERT or perhaps well-established support vendors (e.g., Cygnus
or Digital).  There's no reason (except logistics) to limit this
to a single signature authority.

Received on Wednesday, 14 August 1996 11:58:39 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:17 UTC