- From: Graham Klyne <GK@ninebynine.org>
- Date: Sun, 19 Nov 2006 16:35:37 +0000
- To: Bjoern Hoehrmann <derhoermi@gmx.net>, uri@w3.org, uri-review@ietf.org
Bjoern Hoehrmann wrote: > * Graham Klyne wrote: >> I have rather mixed feelings about this proposal. >> [...] > > I just re-read this thread and I still do not see how I could change the > draft to address the concerns you have raised. Could you propose changes > you would like me to make? I wish I could. My hope was that some clearer consensus would emerge out of the ensuing discussion. The best I can suggest right now is to add a note under security considerations to the concern you responded to here: http://lists.w3.org/Archives/Public/uri/2006Nov/0067.html E.g. [[ Very great care should be taken with Javascript URIs whose execution can cause side effects. There are circumstances in which URIs may be used in the full expectation that simply dereferencing it does not cause any obligation to be incurred (cf. http://www.w3.org/TR/2004/REC-webarch-20041215/#safe-interaction), and care may be needed to ensure that simply resolving the URI in such situations does not violate the expectations for "safe" interactions (in the sense of RFC2616, section 9.1.1). ]] Otherwise, having raised the issue for discussion, and made what points I feel I can, I'm not inclined to argue the case further. I hope this helps. #g -- Graham Klyne For email: http://www.ninebynine.org/#Contact
Received on Sunday, 19 November 2006 17:09:38 UTC