On Sun, Feb 23, 2014 at 6:58 PM, Mitar <mmitar@gmail.com> wrote: > Hi! > > On Sat, Feb 22, 2014 at 1:09 PM, Glenn Adams <glenn@skynav.com> wrote: > > That is how UAs work today already, so there is no requirement to state > that > > the UA is ultimately in control (of what policies are applied or not > > applied). Removing the "recommendation" doesn't alter this situation. > > But it is useful to specify that again and again, to not forget, to > not leave space for doubt. If UAs already work like that, great, just > standardize that and it will be easy for UAs to comply with the > standard. > Because a consensus doesn't exist on what a UA must do. Because in such a case, it is traditional and typical to explicit leave it unspecified. I can assure you that not all UAs will adopt the position of ignoring CSP in the case of extensions/add-ons. In fact, I'm aware of a downstream specification that mandates that UAs (that comply with that specification) must enforce CSP policies, modulo explicit override by end user, in the case of extensions/add-ons. Given there will be different choices made in building and deploying different UAs, it would be presumptuous to choose only one approach. > > > Mitar > > -- > http://mitar.tnode.com/ > https://twitter.com/mitar_m >
Received on Monday, 24 February 2014 05:48:00 UTC