Re: ISSUE-101: Create "visiting known site that is now malware" use case as per ACTION-275 [Note: use cases etc.]

From: Ian Fette <ifette@google.com>
Date: Tue, 11 Sep 2007 14:31:23 -0700
Message-ID: <bbeaa26f0709111431j255f32c2n69d7fc7c10bab517@mail.gmail.com>
To: "WSC WG" <public-wsc-wg@w3.org>

Well, although consensus was declared, in subsequent meetings we've
been going back and forth about this use case. Two main comments were
raised - one is that the use case was too specific re: blacklisting
(i.e. supposing the existence of a particular technology or method).
This is probably a valid concern and as I said I'm happy to re-write
the use case to address that concern. A second concern was seemingly
deeper, more fundamental, raised by Tyler in the call and in multiple
emails (I don't think I can really re-state it in a way that everyone
would agree with, so I will simply say that there were other concerns
raised by Tyler and leave it there).

At the last meeting (or last-1?) there was a straw poll done to see
how people felt about including the use case that has become Issue
101. (This is the malware use-case). It was a bunch of "Yes" and
"Don't care"'s with one No. I'd really like to come to a point where
we can move on.

The original use case proposed was this:

Betty tries to connect to a web site at <http://www.example.com/>. She
visits this site frequently to read various news and articles. Since
her last visit, the site example.com has been compromised by some
method, and visitors are now being infected with malware. A blacklist
used by her user agent has since listed example.com as a known bad
site, what warnings should Betty be presented with?

Destination Site
- Known, Prior visit
Navigation
- any
Intended interaction
- Information retrieval
Actual interaction
- software installation
Note
- This is slightly different than use case 19. It still deals with how
to present results obtained from reputation services, but in the case
of a user returning to a site that they believe to be "good" when that
site is now believed to be compromised.

I'm happy to change it to the following if it would make people happier:

Betty tries to connect to a web site at <http://www.example.com/>. She
visits this site frequently to read various news and articles. Since
her last visit, the site example.com has been compromised by some
method, and visitors are now being infected with malware. At the time
of the current request, Betty's user agent now has information saying
that example.com is a known bad site. What warnings should Betty be
presented with?

Destination Site
- Known, Prior visit
Navigation
- any
Intended interaction
- Information retrieval
Actual interaction
- software installation
Note
- This is slightly different than use case 19. It still deals with how
to present results obtained from reputation services, but in the case
of a user returning to a site that they believe to be "good" when that
site is now believed to be compromised.

This doesn't specifically mention blacklist, domain reputation
services, anything like that - it's just saying that the browser
somehow knows it's now a site that if Betty visits, bad things will
happen.

Do people prefer this new version? Or, more importantly, will this new
version change anyone's [tyler] votes? Can we move on?

-Ian

On 8/24/07, Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com> wrote:
>
> http://www.w3.org/2006/WSC/track/issues/101
>
> Over a week. I declare consensus.
>
> Tyler, please fold in.
>
> Please also add Ian's name to the acknowledgements.
>
>           Mez
>
> Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
> Lotus/WPLC Security Strategy and Patent Innovation Architect
>
>
Received on Tuesday, 11 September 2007 21:31:35 GMT