W3C home > Mailing lists > Public > www-talk@w3.org > January to February 2009

Re: Origin vs Authority; use of HTTPS (draft-nottingham-site-meta-01)

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 23 Feb 2009 14:03:48 -0800
Message-ID: <7789133a0902231403l1198f05k34c5ca29006483be@mail.gmail.com>
To: Breno de Medeiros <breno@google.com>
Cc: Ben Laurie <benl@google.com>, Mark Nottingham <mnot@mnot.net>, Eran Hammer-Lahav <eran@hueniverse.com>, "www-talk@w3.org" <www-talk@w3.org>
On Mon, Feb 23, 2009 at 1:48 PM, Breno de Medeiros <breno@google.com> wrote:
> An application would have to use host-meta for a particular aim (e.g., a
> browser discovering default charsets) and implement the spec blindly without
> regard to security considerations.

Just because we can pass the buck to application-land doesn't mean we
should write a spec full of security land mines.

Adam
Received on Monday, 23 February 2009 22:04:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:30 GMT