Re: #328: user Intervention on Redirects

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 6 Feb 2012 16:10:00 -0800
Message-ID: <CABkgnnXh4JUMXn+x5PLtkR-_wmvnJJP5n=eiWxz=AM5UEGF5Bw@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>

On 6 February 2012 15:55, Mark Nottingham <mnot@mnot.net> wrote:
> I'm now wondering if we should consider removing this requirement altogether.

Remove it.  I imagine that the original idea was that you might want
to prevent a server from getting you to pass your secrets to some
other server.  Or that it might do a bait and switch.

In a world with clickjacking, this sort of measure just seems naive.
Received on Tuesday, 7 February 2012 00:14:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:55 GMT