Re: ACTION-253 - new recommendation proposal available for comment

Stephen,

I certainly didn't want to constrain the proposal to require an 
implementation to build or use a "flat" set of profiles.

I could even envision how the configuration could be built up of some 
cascading/over-riding/ordered set of profile chunks (think cascading style 
sheets or replacing whole sub-trees of a DOM tree).  But all of this would 
be an implementation detail or technique in my opinion.

As to the question about signed profiles, again, I think that is an 
implementation detail.

Regards,
Tim Hahn
IBM Distinguished Engineer

Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565     tie-line: 8/687.1565
fax: 919.224.2530

Stephen Farrell <stephen.farrell@cs.tcd.ie>
Sent by: public-wsc-wg-request@w3.org
06/07/07 06:56 AM

To: Timothy Hahn/Durham/IBM@IBMUS
cc: public-wsc-wg@w3.org
Subject: Re: ACTION-253 - new recommendation proposal available for comment

Timothy Hahn wrote:
> 
> Hi all,
> 
> Per ACTION-253, I have provided a write-up of this proposal here:
> http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/BrowserLockDown
> 
> I believe this completes the action.

As at the f2f: I really like this. I reckon all more clever UA
proposals will depend on this being done, or else be very brittle.

One comment and one question:

This seems to call for "flat" profiles where each one specifies
all 7000 settings (at least implicitly).

Did you think about composable profiles? E.g. where a named profile
could be developed for say, active content (call that
active-content-bad) and another profile for TLS settings (call
that strict-pki), and then those might be composed, with a
few additional settings into what some banking site would like
(call that bigbank-preferred).

Essentially this is the moral equivalent of:

    $ cat bigbank-preferred.h

    #include <active-content-bad.h>
    #include <strict-pki.h>
    #define MORESTUFF
    ...

I guess the benefit would be that we could learn from one another
more easily and have more commonality, the cost is added complexity
that might (almost certainly would) turn into additional
vulnerabilities (mainly down to deliberate or accidental overriding
of selections probably).

That was the comment:-)

The question: Is there any way we can easily have these profiles
be digitally signed? (Without inventing a new protocol.) As a user
I'd like to be able to get 'em from local sysadmins, pals, the
bank itself etc and not have to make a leap-of-faith each time.
Unfortunately I think that is a new protocol. (Could we bend p3p
to do this or something? Does p3p include signatures nowadays?)

S.

Received on Thursday, 7 June 2007 11:14:11 UTC
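
The composable-profile idea and the overriding risk raised in this thread, as an added example that is not part of the original messages or of the BrowserLockDown proposal. The profile names come from the thread; the setting names, values, the `sloppy-site` fragment and the `compose` function are hypothetical.

```python
class ProfileConflict(Exception):
    """A later fragment changed a value set by an earlier one, or includes loop."""

# Constructed sample fragments; setting names and values are hypothetical.
FRAGMENTS = {
    "active-content-bad": {"includes": [],
                           "settings": {"javascript": "off", "plugins": "off"}},
    "strict-pki": {"includes": [],
                   "settings": {"cert.self_signed": "reject",
                                "cert.revocation_check": "required"}},
    "bigbank-preferred": {"includes": ["active-content-bad", "strict-pki"],
                          "settings": {"popups": "block"}},
    # Re-enables something an included fragment switched off.
    "sloppy-site": {"includes": ["active-content-bad"],
                    "settings": {"javascript": "on"}},
}

def compose(name, fragments, strict=True, _stack=()):
    """Flatten `name` into ({key: (value, origin)}, [overrides]).

    Includes are applied in order, then the fragment's own settings.
    With strict=True any changed value raises instead of silently winning;
    with strict=False the change is applied and recorded for review.
    """
    if name in _stack:
        raise ProfileConflict("include cycle: " + " -> ".join(_stack + (name,)))
    frag = fragments[name]
    layers = [compose(inc, fragments, strict, _stack + (name,))
              for inc in frag["includes"]]
    layers.append(({k: (v, name) for k, v in frag["settings"].items()}, []))
    effective, overrides = {}, []
    for layer, nested in layers:
        overrides.extend(nested)
        for key, (value, origin) in layer.items():
            if key in effective and effective[key][0] != value:
                if strict:
                    raise ProfileConflict(
                        "%s: %r from %s overridden by %r from %s"
                        % (key, *effective[key], value, origin))
                overrides.append((key, effective[key], (value, origin)))
            effective[key] = (value, origin)
    return effective, overrides

if __name__ == "__main__":
    settings, _ = compose("bigbank-preferred", FRAGMENTS)
    for key, (value, origin) in sorted(settings.items()):
        print("%-22s %-9s (from %s)" % (key, value, origin))
    print(compose("sloppy-site", FRAGMENTS, strict=False)[1])
```

Recording the origin of every effective value is what lets a reviewer see which fragment weakened a setting once profiles are layered.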