Proposed comment re http/https rewriting

Here's a draft comment.  I'm checking with Jeff Altman (who has been
doing some work at the IETF on channel bindings), and may have an
updated version.  Please share any objections; I'm planning to send
the comment some time tomorrow.

Thanks,
-- 
Thomas Roessler, W3C  <tlr@w3.org>





----- Forwarded message from Thomas Roessler <tlr@w3.org> -----

From: Thomas Roessler <tlr@w3.org>
To: Dominique Hazael-Massieux <dom@w3.org>
Cc: Mary_Ellen_Zurko@notesdev.ibm.com, public-wsc-wg@w3.org
Subject: Re: Content Transformation Guidelines: Last Call Working Draft
Bcc: roessler@does-not-exist.org

Dom,

thanks for your request for review.

With respect to the guidelines regarding the rewriting of HTTPS
URIs, we notice that any such rewriting will break any use of TLS
for authenticating the client to the server (e.g., use of TLS client
certificates). Similarly, any applications on top of HTTPS that rely
on TLS channel bindings would detect the proxy's intervention as an
attack, and lead to a broken user experience; see RFC 5056 for more
details about channel bindings.

We recommend that you discuss this aspect with the IETF TLS Working
Group.

Regards,
-- 
Thomas Roessler, W3C  <tlr@w3.org>  +33-4-89063488





On 2008-08-05 13:52:01 +0200, Dominique Hazael-Massieux wrote:
> From: Dominique Hazael-Massieux <dom@w3.org>
> To: Mary_Ellen_Zurko@notesdev.ibm.com, tlr <tlr@w3.org>
> Cc: chairs <chairs@w3.org>
> Date: Tue, 05 Aug 2008 13:52:01 +0200
> Subject: Re: Content Transformation Guidelines: Last Call Working Draft
> Organization: W3C
> 
> Hello Web Security Context WG Chair and Staff Contact,
> 
> We would like to extend our invitation below to review the Content
> Transformation Guidelines to the Web Security Context Working Group, in
> particular on the guidelines regarding the rewriting of HTTPS URIs:
> http://www.w3.org/TR/2008/WD-ct-guidelines-20080801/#sec-https-link-rewriting
> 
> Thanks,
> 
> Dom
> 
> On Friday 01 August 2008 at 18:31 +0200, Dominique Hazael-Massieux
> wrote:
> > The W3C Mobile Web Best Practices Working Group has been developing a
> > set of guidelines for Content Transformation proxies (i.e. non
> > transparent HTTP proxies) to address some of the needs identified in
> > particular on mobile networks.
> > 
> > These guidelines have just been published as a Last Call Working Draft:
> > http://www.w3.org/TR/2008/WD-ct-guidelines-20080801/
> > 
> > The Last Call review period extends until September 16, and we would be
> > grateful if your group could review the document, in particular:
> >  * for the TAG, since the document relates to its issue
> > genericResources-53 and its accompanying finding
> > http://www.w3.org/2001/tag/doc/alternatives-discovery (the BPWG will
> > send comments on that finding next week)
> >  * for the HTML and XHTML2 Working Groups, since the document makes use
> > of the (X)HTML link element to give hints on content transformation
> > proxies
> >  * for the WebApps Working Group, since the document has some provision
> > on specific behavior for XmlHTTPRequest type of requests (as highlighted
> > by one of our own comments on the XmlHTTPRequest spec:
> > http://lists.w3.org/Archives/Public/public-webapi/2008May/0064.html )
> >  * for the HyperText CG, as the official point of liaison with the Open
> > Mobile Alliance which might want to submit a review on the document
> > given its implications on the mobile ecosystem
> > 
> > (the Working Group is also requesting a review from the IETF HTTPBis
> > Working Group [1], and will do as well with targeted mobile web
> > developers communities which have been vocal on that topic).
> > 
> > If your group wants to submit a review but is unable to provide it in
> > that timeframe, please let us know so that we can determine a possible
> > extension of the review period.
> > 
> > Thanks,
> > 
> > Dominique Hazael-Massieux, Staff Contact of the Mobile Web Best
> > Practices Working Group
> > 
> > 1. http://lists.w3.org/Archives/Public/ietf-http-wg/2008JulSep/0213.html
> > 
> 
> 


----- End forwarded message -----

Received on Wednesday, 27 August 2008 16:23:48 UTC
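
The channel-binding failure raised in the draft comment above, as an added Python illustration that is not part of the original message: a client commits its authentication proof to the TLS channel it sees, so a proxy that terminates TLS and re-originates the request makes the origin server's check fail. The certificate bytes, the shared secret and all function names are constructed, and the binding is modeled as a hash of the server certificate, which is an assumption (RFC 5056 describes the general concept).

```python
import hashlib
import hmac
import os

# Constructed stand-ins for DER-encoded certificates (not real certificates).
ORIGIN_CERT = b"constructed-cert: CN=origin.example"
PROXY_CERT = b"constructed-cert: CN=ct-proxy.example"
SHARED_SECRET = b"constructed application-layer credential"


def channel_binding(server_cert: bytes) -> bytes:
    """Binding taken from the TLS connection this endpoint terminates.

    Assumption: an end-point style binding, i.e. a hash of the server
    certificate presented on that connection.
    """
    return hashlib.sha256(server_cert).digest()


def client_proof(secret: bytes, nonce: bytes, cert_seen_by_client: bytes) -> bytes:
    """Client authenticates and commits to the channel it believes it is on."""
    msg = nonce + channel_binding(cert_seen_by_client)
    return hmac.new(secret, msg, hashlib.sha256).digest()


def server_accepts(secret: bytes, nonce: bytes, proof: bytes, own_cert: bytes) -> bool:
    """Server recomputes the proof over its own view of the channel."""
    msg = nonce + channel_binding(own_cert)
    expected = hmac.new(secret, msg, hashlib.sha256).digest()
    return hmac.compare_digest(proof, expected)


def login(cert_seen_by_client: bytes, origin_cert: bytes = ORIGIN_CERT) -> bool:
    """One challenge/response; any intermediary relays the proof unchanged."""
    nonce = os.urandom(16)  # server challenge
    proof = client_proof(SHARED_SECRET, nonce, cert_seen_by_client)
    return server_accepts(SHARED_SECRET, nonce, proof, origin_cert)


if __name__ == "__main__":
    # Direct connection: both ends see the origin certificate.
    print("direct TLS to origin:", login(ORIGIN_CERT))
    # Rewritten link: the client's TLS session ends at the proxy.
    print("via rewriting proxy: ", login(PROXY_CERT))
```

The client and server hold the same credential in both runs; only the TLS endpoint the client sees differs, which is why the server cannot tell a content transformation proxy from a man-in-the-middle.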