Re: ISSUE-101 Create "visiting known site that is now malware" use case as per ACTION-275 from Ian Fette on 2007-10-10 (public-wsc-wg@w3.org from October 2007)

From: Ian Fette <ifette@google.com>
Date: Tue, 9 Oct 2007 18:17:06 -0700
To: "Serge Egelman" <egelman@cs.cmu.edu>
Cc: "Close, Tyler J." <tyler.close@hp.com>, public-wsc-wg@w3.org
Message-ID: <bbeaa26f0710091817s41592432m9d2480f74875c3a1@mail.gmail.com>
Serge, this isn't the first time I'm mentioning the Vicki use case, and I
have no idea what you're trying to show here. I said in my very first email
about the issue back on 8/3 that "This is slightly different than use case
19." (use case 19 being the Vicki use case). The difference between this and
the Vicki case is one of going to a new site vs going to a site with which
you have a previous interaction. As such, I was merely pointing out that the
two should probably be in the same general class of use cases in the
document.

On 10/9/07, Serge Egelman <egelman@cs.cmu.edu> wrote:
>
> Wait, are you saying that this new use case might overlap with an
> existing one?
>
> serge
>
> Ian Fette wrote:
> > I wonder if it doesn't fit with Installing? I.e. the Vicki use case
> > ("Vicki is interested in finding out more about art auctions in the
> > greater Boston area. She engages a search engine and tries to follow a
> > link there. Her web browser consults a reputation service which has
> > recorded that the link target will attempt to subvert the browser and
> > install malicious software.") is listed as identified source,
> > unidentified destination, installing. To me, the new use case seems like
> > identified source, identified destination (she goes to that site often),
> > installing.
> >
> > Although, to be honest, if someone disagrees it really doesn't matter to
> > me how it gets classified... it just seems to me that it's most similar
> > to the vicki case.
> >
> > -Ian
> >
> > On 10/9/07, *Close, Tyler J.* <tyler.close@hp.com
> > <mailto:tyler.close@hp.com>> wrote:
> >
> >     This use case is now at:
> >
> >     http://www.w3.org/2006/WSC/drafts/note/#any-iio-1
> >     <http://www.w3.org/2006/WSC/drafts/note/#any-iio-1>
> >
> >     It doesn't fit into our current categorization of
> >     Believing/Providing/Installing, since there is no user interaction,
> >     so I've just marked it "No interaction" and left it out of the
> >     category table.
> >
> >     --Tyler
> >
> >
> ------------------------------------------------------------------------
> >         *From:* public-wsc-wg-request@w3.org
> >         <mailto:public-wsc-wg-request@w3.org>
> >         [mailto:public-wsc-wg-request@w3.org
> >         <mailto:public-wsc-wg-request@w3.org>] *On Behalf Of *Mary Ellen
> >         Zurko
> >         *Sent:* Friday, September 28, 2007 8:49 AM
> >         *To:* public-wsc-wg@w3.org <mailto:public-wsc-wg@w3.org>
> >         *Subject:* ISSUE-101 Create "visiting known site that is now
> >         malware" use case as per ACTION-275
> >
> >
> >         After much discussion, and great work on the part of all
> >         participants to craft the most acceptable proposal, we are
> >         resolving this issue according to the results of the poll.
> >
> >         The final proposal for the use case is:
> >
> >         Betty tries to connect to a web site at
> >         <_http://www.example.com/>._ <http://www.example.com/%3E.>She
> >         visits this site frequently to read various news and articles.
> >         Since her last visit, the site example.com <http://example.com>
> >         has been compromised by some method, and visitors are now being
> >         infected with malware. At the time of the current request,
> >         Betty's user agent now has information saying that example.com
> >         <http://example.com> is a known bad site. What interaction, if
> >         any, should occur?
> >
> >         The poll results are:
> >
> >         Accept: 7
> >         (ian f, anil s, thomas r, johnathan n, dan s, audian p, phill
> h-b)
> >
> >         Abstain: 3
> >         (jan vidar k, cristian s, rachna d)
> >
> >         Against:: 2
> >         (tyler c, serge e)
> >
> >
> >         Absent a material error in the count, I declare concensus on
> >         this issue. The editors will add the use case to wsc-usecases,
> >         and add Ian Fette to acknowlegements.
> >
> >
> >         On a related note, I am sorry I was not around to give direct
> >         feedback to people when the discussion tone occasionally slipped
> >         out of the totally professional and respectful. I know everyone
> >         is capable of engaged and even handed discussion, even when they
> >         totally disagree with others, and that an occasional personal
> >         and private reminder can go a long way towards halting any slips
> >         that might occur.
> >
> >
> >
>
> --
> /*
> Serge Egelman
>
> PhD Candidate
> Vice President for External Affairs, Graduate Student Assembly
> Carnegie Mellon University
>
> Legislative Concerns Chair
> National Association of Graduate-Professional Students
> */
>
Received on Wednesday, 10 October 2007 01:17:20 UTC