W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

Re: HTTP State Management Mechanism (Rev1): EndSession attribute

From: Larry Masinter <masinter@parc.xerox.com>
Date: Wed, 30 Apr 1997 00:22:38 PDT
Message-Id: <3366F33E.7012@parc.xerox.com>
To: Michael Giroux <mgiroux@worldnet.att.net>
Cc: 'Josh Cohen' <josh@netscape.com>, "'http-wg@cuckoo.hpl.hp.com'" <http-wg@cuckoo.hpl.hp.com>
Michael,

It is putting it perhaps to strongly to say that the IETF is the
"Internet Engineering Task Force" and not the "InTRAnet Engineering Task
Force", but in general there's very little sympathy for the point of
view that Internet Standards need not take into account the security
considerations necessary for deployment across the Internet.

This is true in general, but seems even more applicable in this
particular case, where your proposal is motivated primarily by
a desire to close off a security problem in the first place.

> I agree, a clever programmer will write a program.  This would only stop 
> beginners.

What we've learned is that non-beginners share their hacks with
beginners so that everyone on alt.cool.hack.warez knows how
to crack the system.

In short: 

there's some sympathy that you've identified a 'problem', but
your 'proposal' to solve the problem doesn't do so effectively.

In lieu of a more effective proposal, I don't think we're going
to make progress on this issue.

Regards,

Larry
Received on Wednesday, 30 April 1997 00:26:17 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:35 EDT