- From: Thomas Roessler <tlr@w3.org>
- Date: Fri, 8 Dec 2006 19:54:41 +0100
- To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Cc: public-wsc-wg@w3.org
Well, in looking at security context information (and how to present it), we might arrive at the conclusion that there is just nothing useful out there in some particular circumstance. That conclusion would be something to document. On the other hand, I agree that the charter doesn't even go near specifying any kind of sophisticated, IDS-like processing of context information. Cheers, -- Thomas Roessler, W3C <tlr@w3.org> On 2006-12-08 08:22:10 -0500, Mary Ellen Zurko wrote: > From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com> > To: Thomas Roessler <tlr@w3.org> > Cc: public-wsc-wg@w3.org > Date: Fri, 8 Dec 2006 08:22:10 -0500 > Subject: Re: What problems are we trying to solve? > X-Spam-Level: > > > when I had first seen your list, I had read that point with an > > emphasis on "discovered an attack", and had thought of heuristic > > techniques, IDS-like stuff, and so on. > > Yes, that aspect too is out of scope. > > > I do think that discussion on how user agents ought to react to > > failures of security protocols is in scope -- the prime example here > > being the MITM detection in SSL which is subverted by giving users > > an override button that they'll of course push. > > It's my understanding that the charter defines our scope (our goals can be > more targetted than the scope allows for). Is my understanding wrong? If > not, what part of the charter supports that? > Mez >
Received on Friday, 8 December 2006 18:54:29 UTC