W3C home > Mailing lists > Public > public-wsc-wg@w3.org > March 2007

Re: ISSUE-20: Potential additions to Available Security Information

From: Johnathan Nightingale <johnath@mozilla.com>
Date: Mon, 26 Mar 2007 09:44:33 -0400
Message-Id: <E6AD24F2-1B66-4293-8BA0-09FE0902B8D9@mozilla.com>
To: Web Security Context WG <public-wsc-wg@w3.org>

No objection to the additions, though they start to get a little out  
of the "web" context when you talk about traceroute data. Maybe some  
catch-all is appropriate here, "Network diagnostic information (e.g.  
ping, traceroute, etc)" or equivalent?  Catch-alls are intrinsically  
non-exhaustive, but I would think it obvious that we mean  
"exhaustive" within some context.  Maybe not?

As for rephrasing the term in the first place, my only note would be  
that whatever we rephrase it to should continue to imply that this  
list is an important and comprehensive piece of work.  Honestly,  
section 7 is a reference I've already used multiple times in my own  
conversations - I think it's important that we persist in our efforts  
to keep it comprehensive.

Basically, my feeling is that the list could be a valuable  
deliverable on its own, and the kind of thing that is very much up  
the w3's alley.

Cheers,

Johnathan

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com



On 26-Mar-07, at 9:28 AM, Web Security Context Issue Tracker wrote:

>
>
> ISSUE-20: Potential additions to Available Security Information
>
> http://www.w3.org/2006/WSC/Group/track/issues/20
>
> Raised by: Mary Ellen Zurko
> On product: Note: use cases etc.
>
> http://lists.w3.org/Archives/Public/public-usable-
> authentication/2007Mar/0032.html -
> In section 7, are you that confident that you can claim it's truly an
> exhaustive list? :)  For cookies, do you want to explicitly call  
> out "both
> those sent and server requests to store"?  DNS can also provide
> reverse-mapping addresses; if example.com has IP address 1.2.3.4, does
> 4.3.2.1.in-addr.arpa map to example.com? Also IP ping/traceroute  
> can show
> packet flows ("since when is Citibank HQ in Uzbekistan"?)  Also, IP/ 
> geo
> mapping facilities.  These aren't commonly done, but since you mention
> repuation service...
>
> We should probably rephrase the "exhaustive". Any pushback on the  
> suggested
> additions?
>
>
>
>
>
Received on Monday, 26 March 2007 13:46:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:46 GMT