On 2/23/09 11:46 AM, "Adam Barth" <w3c@adambarth.com> wrote: > Reality is not as binary as you imply. There are a spectrum of threat > models corresponding to different attacker abilities. Exactly! And I am already aware of one effort looking to add a trust layer to host-meta. Your suggestion of competing solutions fails simple test. It is easier to make the use of host-meta more restrictive (perhaps as you suggested) than invent a completely new one. Nothing in host-meta prevents you from implementing these restrictions (content type, redirections). By itself, host-meta includes no sensitive information or anything that can pose a threat. That will come from applications using it as a facility, just like they use HTTP. We view standards architecture in a very different way. I want to create building blocks and only standardize where there is an overwhelming value in posing restrictions. EHLReceived on Monday, 23 February 2009 20:05:15 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:38:52 GMT