W3C home > Mailing lists > Public > www-tag@w3.org > February 2010

RE: ACTION-278 Hiding metadata for security reasons - notes

From: Larry Masinter <masinter@adobe.com>
Date: Wed, 17 Feb 2010 10:25:05 -0800
To: Jonathan Rees <jar@creativecommons.org>, "www-tag@w3.org" <www-tag@w3.org>
CC: Tyler Close <tyler.close@gmail.com>
Message-ID: <C68CB012D9182D408CED7B884F441D4D87CC38@nambxv01a.corp.adobe.com>
If there is no security workshop scheduled, would someone
volunteer to ask public-web-security@w3.org for comments, 
moderate the discussion, and come back with a recommendation
agreeable to that group?

Does not have to be a TAG member. Tyler?

Larry
--
http://larry.masinter.net





-----Original Message-----
From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] On Behalf Of Jonathan Rees
Sent: Tuesday, February 16, 2010 7:29 PM
To: www-tag@w3.org
Cc: Tyler Close
Subject: Re: ACTION-278 Hiding metadata for security reasons - notes

FWIW I scanned the correspondence on ACTION-278 in preparation for
Thursday's call. I can't say I've found enlightenment. But I did
compile some of the bits I thought were interesting and/or important;
see: http://www.w3.org/2001/tag/2010/02/action-278-notes.txt

(if someone wants to htmlify so that the links can be followed that
would be great)

I say *some* of the bits because certainly it leaves out many bits
that are important! It's in CVS so that others can add to it.
(Sometimes I wish we had a wiki.)

It appears there's consensus to change the finding, but not consensus
on how. I think more analysis is needed (remember Larry saying we
should continue in email?), especially regarding what CSRF defenses
need to look like, whether they do / can / should satisfy Larry's risk
mitigation and semi-confidentiality criteria.

Jonathan

Received on Wednesday, 17 February 2010 18:25:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:19 GMT