
Re: CT Guidelines Version 1u

From: Eduardo Casais <casays@yahoo.com>
Date: Wed, 23 Sep 2009 07:37:28 -0700 (PDT)
Message-ID: <714155.96558.qm@web45003.mail.sp1.yahoo.com>
To: public-bpwg@w3.org
All right, let us nail down the decisions from the last 
teleconference. The text of CT 1u is:
-----
H.1.2 Use of HTTP 403 Status

Servers should consider using an HTTP 403 Status if 
concerned that the security of a link that it assumed to
be private has been compromised (for example as a
result of the presence of a Via HTTP header in an
HTTPS request).
-----
The sentence is to be grammatically (first part), formally
(HTTP header field), and semantically (Via fields do not
cause security issues, they reveal them) corrected to:
-----
Servers should consider using an HTTP 403 Status if
concerned that the security of a link assumed to be
private has been compromised (for example, the lack of
privacy may be inferred from the presence of a Via HTTP
header field in an HTTPS request).
-----


E.Casais


      
Received on Wednesday, 23 September 2009 14:38:08 UTC
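
The server-side check that H.1.2 describes, as an added example that is not part of the original message or of the CT Guidelines: a WSGI middleware that answers 403 when a request received over HTTPS carries a Via header field. The class and function names are hypothetical, and it assumes TLS terminates at the application server so that wsgi.url_scheme reflects the client's connection.

```python
import logging
import re

log = logging.getLogger("via_check")

# One Via element: [protocol-name "/"] protocol-version  received-by  [(comment)]
VIA_ELEMENT = re.compile(
    r"^(?:(?P<name>[^\s/]+)/)?(?P<version>[^\s/]+)\s+(?P<by>[^\s(]+)"
    r"(?:\s+\((?P<comment>.*)\))?$")

def split_via(value):
    """Split a Via field value on commas, ignoring commas inside (comments)."""
    parts, depth, cur = [], 0, []
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        if ch == "," and depth == 0:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def parse_via(value):
    """Return one dict per intermediary; unparseable elements are kept raw."""
    hops = []
    for element in split_via(value):
        m = VIA_ELEMENT.match(element)
        hops.append(m.groupdict() if m else {"raw": element})
    return hops

class RejectViaOnHttps:
    """Hypothetical middleware: 403 for HTTPS requests that carry a Via field."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        via = environ.get("HTTP_VIA", "").strip()
        if environ.get("wsgi.url_scheme") == "https" and via:
            log.warning("Via field on HTTPS request: %r", parse_via(via))
            body = b"403 Forbidden: intermediary on a link assumed private\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)
```

The parsed hops are logged so an operator can see which intermediary announced itself. A request with no Via field passes through, since the absence of the field proves nothing about the link.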
