W3C home > Mailing lists > Public > www-svg@w3.org > August 2003

Re: [www-svg] network

From: Robin Berjon <robin.berjon@expway.fr>
Date: Mon, 18 Aug 2003 19:59:19 +0200
Message-ID: <3F4113F7.3070505@expway.fr>
To: Randy Nonay <randy.nonay@net-linx.com>
Cc: www-svg@w3.org

Randy Nonay wrote:
>   This argument smacks of using logic in the form of "everything else is flawed, so
> why should we bother to fix the error?".
> 
>   If you walked upto a bridge and saw 50 people jumping off, to certain death, would
> you jump too??
> 
>   The logic that allowing SVG to open up the same issues as Outlook, and not being
> concerned about it makes it seem that the proper answer to the above question would
> be "yes". I have to disagree...
> 
>   And "user training" to prevent the spread of a virus? Just take a look around at
> how effective it has been in stopping all those worms that _require_ the user to
> execute them to become infected...  This is simply not a realistic solution. The
> solution _must_ be in the form of making such an attack impossible through SVG,
> rather than counting on the intelligence/wisdom of users.

This is not what I have said. I think it is important to separate the real 
issues from the fake ones. Adding connection support does not open up the 
ability to write viruses, and it does not affect the ability to perform DDoS 
more than HTML+script does, something that hasn't happened.

No, I am not satisfied with simpler "user training". I just wish this discussion 
to focus on the real security issues, as Thomas has done, rather than on 
frightening ones that are either not real in this situation or not new regarding 
what can currently be done in HTML within a browser.

-- 
Robin Berjon <robin.berjon@expway.fr>
Research Engineer, Expway        http://expway.fr/
7FC0 6F5F D864 EFB8 08CE  8E74 58E6 D5DB 4889 2488
Received on Monday, 18 August 2003 13:59:25 GMT

This archive was generated by hypermail 2.3.1 : Friday, 8 March 2013 15:54:25 GMT