W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: WGLC issue for p7: "strength"

From: Martin Thomson <martin.thomson@gmail.com>
Date: Sat, 24 Mar 2012 16:56:51 -0700
Message-ID: <CABkgnnUNrWByKkpcDgVRv+=9Ci_m1mMD8Jr-3bgZ1PMPpxH-Lg@mail.gmail.com>
To: Amos Jeffries <squid3@treenet.co.nz>
Cc: ietf-http-wg@w3.org
On 23 March 2012 16:51, Amos Jeffries <squid3@treenet.co.nz> wrote:
> Was not the reasoning behind that MUST to prevent mishaps like IE6 selecting
> the first presented option even if it was the worst security-wise?

I don't think that there is much you can do to prevent this other than
to note that some UAs do bad things like this.  The UA should be
acting in the best interests of its users and picking what it thinks
is best.  Putting that statement in the specification with a MUST
would be an interesting (and totally untestable) choice.

As Alexey notes, you can do a few things to describe the security of a
particular scheme, but absolute statements of the sort "this is better
than that" are not wise.

--Martin
Received on Saturday, 24 March 2012 23:57:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:57 GMT