W3C home > Mailing lists > Public > public-wsc-wg@w3.org > April 2007

RE: ISSUE-27: [editorial?] techniques for content based detection

From: Close, Tyler J. <tyler.close@hp.com>
Date: Tue, 10 Apr 2007 20:50:27 -0000
Message-ID: <08CA2245AFCF444DB3AC415E47CC40AF9A36AE@G3W0072.americas.hpqcorp.net>
To: "Web Security Context WG" <public-wsc-wg@w3.org>

 

> ISSUE-27: [editorial?] techniques for content based detection
> 
> http://www.w3.org/2006/WSC/Group/track/issues/27
> 
> Raised by: Thomas Roessler
> On product: Note: use cases etc.
> 
> In "content based detection", the note suggests that 
> techniques we don't want to look at include "comparing the 
> served URLs, graphics or markup to known legitimate sites, or 
> to known attacks." On the face of it, that sentence would 
> even suggest that comparing a URI to one that has been 
> visited is out of scope.
> I believe that simply striking the text from "These 
> techniques include", through "to known attacks" would clarify 
> this paragraph greatly, without changing the intended meaning 
> in a significant way.
> 
> I suggest this is an editorial change.

I see your point about the tension between In scope section "Historical
browsing information" and Out of scope section "Content based
detection". I'm nervous about covering up this tension by making the
section more vague about what it intends.

Perhaps a better cut is distinguishing between known good content versus
possibly bad content. For example, rephrasing:

"These techniques include comparing the served URLs, graphics or markup
to known legitimate sites, or to known attacks."

to:

"These techniques include comparing the served URLs, graphics or markup
to known attacks."

Tyler
Received on Tuesday, 10 April 2007 20:51:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:46 GMT