- From: Doug Schepers <schepers@w3.org>
- Date: Sat, 24 Oct 2009 01:34:13 -0400
- To: Adam Barth <w3c@adambarth.com>
- CC: Jonathan Rees <jar@creativecommons.org>, Maciej Stachowiak <mjs@apple.com>, "Mark S. Miller" <erights@google.com>, Anne van Kesteren <annevk@opera.com>, "Henry S. Thompson" <ht@inf.ed.ac.uk>, Jonas Sicking <jonas@sicking.cc>, Arthur Barstow <Art.Barstow@nokia.com>, public-webapps <public-webapps@w3.org>
Hi, Adam-

Thanks for the reply.

Adam Barth wrote (on 10/24/09 1:00 AM):
> On Fri, Oct 23, 2009 at 5:29 PM, Doug Schepers <schepers@w3.org> wrote:
>> That's an interesting point... if the proponents or opponents of CORS did
>> more testing and modeling, would that satisfy concerns? Surely it couldn't
>> be hard to set up a few common model architectures using CORS and announce
>> them as targets for the white hat community?
>>
>> Mind you, I'm not stating one way or the other that this should be part of
>> the exit criteria for CORS, just that it would be helpful overall, and
>> frankly, if it hasn't been tried, I'm a little surprised... isn't this
>> *exactly* the sort of thing Google, MS, the browser vendors, and the
>> security community at large have the resources and expertise to do, as well
>> as the incentive? Can a brother get a honeypot?
>
> These issues that Mark and co raise are not really the kinds of things
> one can evaluate with a honeypot-type contest. They're worried about
> what web developers will build if we give them CORS as a tool.

Sorry for being dense, but why couldn't the whitehats build toy systems on an open honeynet?

Regards-
-Doug Schepers
W3C Team Contact, SVG and WebApps WGs
Received on Saturday, 24 October 2009 05:34:33 UTC