RE: TAG preparing to approve finding "Client handling of MIME hea ders"

Ian,

A couple of comments and a couple of typo's.

"3 Why MIME headers are authoritative"
3rd bullet in list "The resource owner communicates the meaning of the
resource with bits...". I would much prefer "The resource owner communicates
the state of the resource with bits...". There is probably a much deeper
philopsophical discussion about how the resource owner communicates the
meaning of the resource.

"4 Why user agent behaviour..."
1) 2nd example of potential security violation - Client side script
execution. This one doesn't feel very compelling, depending on where the
data that was intended to remain behind the firewall came form. If it is
visible in the representation (view source!) then surely the fundemental
security error is not in the browser executing the script, but in letting
the information out beyond the firewall in the first place. If the script
accesses other places for the 'secure' information, then there need to be
adequate access control to protect the info. Maybe I have misunderstood the
scenario.

Typos:
"1 Summary of Key Points" 2nd paragraph 
s/pose/poses/

"4 Why user agent behaviour..." Para after 2616 excerpt:
s/when not/when no/

Stuart
--

> -----Original Message-----
> From: Ian B. Jacobs [mailto:ij@w3.org] 
> Sent: 1 July 2003 23:19
> To: www-tag@w3.org
> Subject: TAG preparing to approve finding "Client handling of 
> MIME headers"
> 
> 
> 
> Hello,
> 
> As discussed at the TAG's 30 June 2003 teleconference
> (minutes [0]), the TAG is preparing to approve the
> 25 June 2003 draft finding "Client handling of 
> MIME headers" [1]. If you have any comments on this
> draft, please send them to www-tag before 7 July.
> 
> Thank you,
> 
>  _ Ian
> 
> [0] http://www.w3.org/2003/06/30-tag-summary.html
> [1] http://www.w3.org/2001/tag/doc/mime-respect-20030625
> -- 
> Ian Jacobs (ij@w3.org)   http://www.w3.org/People/Jacobs
> Tel:                     +1 718 260-9447
> 

Received on Monday, 7 July 2003 12:54:24 UTC