Re: ACTION-333 OPEN Elaborate on ISSUE-4 Stephen Farrell 2007-11-13

Another one, this time the original mail [1] related
to thinking about FTP-related vulnerabilities. For
an example of one such see [2].

I would imagine that there'd be similar issues with
imap: and other URI schemes (e.g. the sms: scheme
that's wending its way through the IETF [3] ;-).

Looking at wsc-xit it doesn't seem to say much at all
about de-referencing URIs other than HTTP URIs.

I would guess at minimum we might include a section
with whatever guidance we manage to gather about
other URI schemes (i.e. other than http:).

There may also be something to say about mixed
content here, e.g. if a bad guy could use some other
scheme to get from A to B (via ftp://foo) without
the user seeing the right security indicators.

Yet again, I don't have text to offer;-)

S.


[1] http://www.w3.org/2006/WSC/track/issues/4
[2] http://www.securityfocus.com/bid/23089/info
[3] http://www.ietf.org/internet-drafts/draft-wilde-sms-uri-13.txt


Mary Ellen Zurko wrote:
> 
> If you don't manage the due date of the action item so that it's not 
> overdue, it will be closed due to inactivity.
> 
>           Mez
> 
> Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
> Lotus/WPLC Security Strategy and Patent Innovation Architect
> 
> 
> 
> From:	Mary Ellen Zurko/Westford/IBM
> To:	stephen.farrell@cs.tcd.ie
> Date:	11/16/2007 08:33 AM
> Subject:	ACTION-333 OPEN Elaborate on ISSUE-4 Stephen Farrell 2007-11-13
> 
> 
> ------------------------------------------------------------------------
> 
> 
> Please complete this action item asap. If you won't be able to in the 
> next couple of days, please update it with a date that you will actually 
> make.
> 
> _ACTION-333_ <http://www.w3.org/2006/WSC/track/actions/333>	OPEN 
> _Elaborate on ISSUE-4_ <http://www.w3.org/2006/WSC/track/actions/333> 
> Stephen Farrell	2007-11-13
> 
> 
> 
> 
>           Mez
> 
> Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
> Lotus/WPLC Security Strategy and Patent Innovation Architect
> 
> 
> 

Received on Monday, 26 November 2007 18:07:11 UTC