W3C home > Mailing lists > Public > www-tag@w3.org > December 2003

Re: Section on https

From: <noah_mendelsohn@us.ibm.com>
Date: Fri, 5 Dec 2003 10:44:51 -0500
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: Tim Bray <tbray@textuality.com>, Tim Berners-Lee <timbl@w3.org>, "'www-tag@w3.org'" <www-tag@w3.org>
Message-ID: <OFFD586B22.7B357D87-ON85256DF3.00568DB3@lotus.com>

FWIW, when and if the TAG does decide to tackle the https issue I think it 
would be worth a brief cross reference to the metadata in URI discussion, 
and the whole URI opacity question.    For knowledgeable users, seeing in 
advance that a URI uses https is at least a strong hint that communication 
will be at least somewhat secure against certain attacks.  By the way, I 
tend to agree with Roy's position on the underlying issue, and I don't 
think that sticking with a scheme-based approach contradicts anything the 
tag has said in the metadata in URI discussion.  I'm merely suggesting 
that, as you resolve the https: question now or in the future, it would be 
worth clarifying the senses in which the URI is opaque vs. transparent, 
and explaining that it is appropriate to some extent for a human or 
machine user of the resource to infer security characteristics by 
inspection of the URI.

--------------------------------------
Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------
Received on Friday, 5 December 2003 10:52:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:47:23 GMT