W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

RE: ERR header (NEW ISSUE: Drop Content-Location)

From: Joris Dobbelsteen <Joris@familiedobbelsteen.nl>
Date: Sun, 3 Dec 2006 21:51:19 +0100
Message-ID: <73427AD314CC364C8DF0FFF9C4D693FF5449@nehemiah.joris2k.local>
To: "Julian Reschke" <julian.reschke@gmx.de>, "Henrik Nordstrom" <henrik@henriknordstrom.net>, "Henry Story" <henry.story@bblfish.net>
Cc: <ietf-http-wg@w3.org>

Awareness...
I believe we are talking about a technical solution for a problem causes
by people not being aware of the havoc caused (or are just plain
ignorant, which is best not to assume).

Now my doubts are that such technical solutions will resort desired
effect.

The implementors screw up, the administrators get the effects. I'm
considering whether this would get a true result and would people start
acting, rather than getting so annoyed to build filters protecting
against it.
How about feature abuse? Those captcha things are getting more and more
common every day. Google and Microsoft protect by using a captcha before
site entering, Yahoo requires you to have an account.

My believe is that validation tools (single reference) would resort
better results, provided that they are used by the development/test/QA
teams. In such situations the people that develop the product are
actually caring about compliance, instead of just advertising it as
such.

This leaves to my last thoughts, how well are browsers able to
(automatically) detect incorrect behaviour? If a validation tool can do
it, so can they. It they can't do it, is a validation tool capable to do
so?
My reasoning, if they were capable, they would have build mechanisms to
protect themselves against broken systems and make the functionality
available to others.
In fact, is it even possible to detect this problem using automated
systems or would it require a human to find out?

In such case, browsers would rather be equiped with such features that
can be turned on for developers/testers of web applications. Maybe that
would be a good middle way.

- Joris

>-----Original Message-----
>From: ietf-http-wg-request@w3.org 
>[mailto:ietf-http-wg-request@w3.org] On Behalf Of Julian Reschke
>Sent: zondag 3 december 2006 11:00
>To: Henrik Nordstrom
>Cc: Henry Story; ietf-http-wg@w3.org
>Subject: Re: ERR header (NEW ISSUE: Drop Content-Location)
>
>
>Henrik Nordstrom schrieb:
>> ...
>> I think I have now completely lost the picture on when/why adding an 
>> ERR method may be useful to the level that it outweights the 
>negative 
>> aspects or cost of deployment.
>> ...
>
>The interesting part (to me) is that essentially the 
>deployment cost for a simple version of ERR is zero: servers 
>that don't know it are likely to log it; which may be 
>completely sufficient if the server admin occasionally looks 
>at the log files.
>
>Best regards, Julian
>
>
Received on Sunday, 3 December 2006 20:50:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:53 GMT