W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2002

Re: WebDAV and Open Pluggable Edge Services

From: Roy T. Fielding <fielding@apache.org>
Date: Wed, 20 Mar 2002 20:39:46 -0800
To: Lisa Dusseault <ldusseault@xythos.com>
Cc: w3c-dist-auth@w3.org
Message-ID: <20020320203946.A2645@waka.wakasoft.com>
On Wed, Mar 20, 2002 at 06:04:28PM -0800, Lisa Dusseault wrote:
> I don't think you understand.  If I'm sitting inside a large company, trying
> to author a page from a site that's out on the internet, that page may
> already be subject to transformations from transparent edge services.  For
> example, the company firewall may be filtering viruses downloaded via HTTP.

I don't think that DAV clients should be able to bypass that one, but they
can via a tunnel.

> More insidious, if I get my internet service from a struggling ISP, they
> could replace banner ads on incoming messages with their own banner ads.

I don't think people will allow banner ads to be edited through anything
less secure than a VPM or SSL tunnel, for obvious reasons.

> The OPES WG at the IETF is dealing with these issues directly.  The IAB has
> suggested that edge services should not be transparent -- that clients must
> explicitly ask for edge services.  However, even an IETF demand for there
> not to be transparent edge services isn't a guarantee that there won't be
> any.  You could say that the authoring issues are an argument against
> encouraging transparent edge services, but those issues certainly don't make
> transparent edge services not exist.

I wouldn't argue that at all.  What you should consider, however, is that
if there is a plain HTTP mechanism for routing requests unmolested through
an interception device (which is not called an edge service), then what
makes you think that only DAV clients would want to use it?  And, once that
happens, why would the molesters honor the plain HTTP mechanism?

....Roy
Received on Wednesday, 20 March 2002 23:43:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:00 GMT