W3C home > Mailing lists > Public > public-bpwg-ct@w3.org > October 2008

[agenda] CT Call Tuesday 14 October 2008

From: Francois Daoust <fd@w3.org>
Date: Mon, 13 Oct 2008 11:47:31 +0200
Message-ID: <48F31933.4000100@w3.org>
To: public-bpwg-ct <public-bpwg-ct@w3.org>

-----
Chair: François
Staff Contact: François
Known regrets: none

Date: 2008-10-14T1400Z for 60mn
Phone: +1.617.761.6200, +33.4.89.06.34.99, +44.117.370.6152
Conference code: 2283 ("BCTF") followed by # key
IRC channel: #bpwg on irc.w3.org, port 6665.


1. HTTPS links re-writing
-----
http://lists.w3.org/Archives/Public/public-bpwg-ct/2008Oct/0014.html

Reply:
  http://www.ietf.org/mail-archive/web/tls/current/msg02969.html

I'm wondering about:
"Since this is a man-in-the-middle attack, it would be interesting to
know how browsers react in that case. It should be have been made clear
to the user which site he connected to (www.proxy.com instead of
www.amazon.com)."

I doubt that any mobile browser alerts the user of the domain it 
connects to in HTTPS. Am I right?


2. LC-2019: POST/GET conversion
-----
http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2019

- state that it's forbidden to convert between POST and GET?


3. LC-2034: Applicable HTTP methods (§4.1.1)
-----
http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2034

- use following wording?
"The scope of content that proxies transform is typically limited to 
GET, POST and HEAD HTTP requests. Proxies should not intervene in other 
HTTP methods."


4. LC-1997, LC-2006, LC-2014, : Original HTTP headers in X-Device-foo
-----
http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/1997
http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2006
http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2014

- postpone until we get a clearer picture of the need to change the 
User-Agent?


5. LC-2046: on HTTP headers deletion
-----
http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2046

- what is the use case that requires deletion of HTTP headers?


6. LC-2041, LC-2080: Servers must return Cache-Control: no-transform 
when it is received, why?
-----
http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2041
http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2080

- section is to become informative.
- should we still explain the rationale?


7. LC-2083: Sniffing "rejected" responses (§4.3.3)
-----
http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2083

- anything else we could say?


8. LC-2084: Receipt of Vary HTTP header (§4.3.4)
-----
http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2084

- add an example in Appendix B?
- link to the appendix?


9. AOB
------
Received on Monday, 13 October 2008 09:48:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 13 October 2008 09:48:09 GMT