Re: Conventions for Sharing User Agent Profiles from Shel Kaphan on 1996-08-14 (ietf-http-wg@w3.org from July to September 1996)

From: Shel Kaphan <sjk@amazon.com>
Date: Wed, 14 Aug 1996 12:33:25 -0700 (PDT)
To: Jeffrey Mogul <mogul@pa.dec.com>
Cc: Shel Kaphan <sjk@amazon.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <199608141933.MAA01244@iguana.amazon.com>

Jeffrey Mogul writes:
 >     Also, the bit about the signing of the profiles might need a little
 >     thought, because it isn't necessarily the vendor that you want to
 >     have being responsible for the profile.  Vendors might be less
 >     likely to note bugs or count them as worth including.
 >     
 > The vendor is an obvious choice, both because the browser vendor
 > has an obvious incentive to keep the user relatively happy (at
 > least, until the browser market is back to being dominated by
 > a single vendor!) and because if you don't trust the vendor
 > who gave you the browser binary in the first place, you can't
 > really trust anything done with a browser profile.
 > 

There's trust, and then there's trust.  While I (browser user) may
trust a browser vendor enough to give me a browser I can use safely
without trashing my filesystem (e.g.), I (service provider) may not
*believe* everything a browser vendor says about the capability of
their browser.  For instance, a browser vendor might want to advertise
they are fully compatible with the latest version of Netscape, when in
fact, there are numerous niggly details about their rendering choices
that are not done in the same way, and that might not even be noticed by
the vendor themselves.  Signature authorities would certainly provide
a nice level of guarantee, but I think that "relatively trustworthy"
DNS servers referring to relatively trustworthy profile servers
would be ok most of the time -- this seems to be very similar in
character to other kinds of DNS spoofing and so should be solved by
similar methods (whatever they are).

 > It would not be too much of a stretch to imagine that a browser
 > would accept updates signed by either the original vendor or
 > by one of a predetermined set of trustworthy parties, such as
 > CERT or perhaps well-established support vendors (e.g., Cygnus
 > or Digital).  There's no reason (except logistics) to limit this
 > to a single signature authority.
 > 
 > -Jeff
 > 
 > 

I agree.
--Shel

Received on Wednesday, 14 August 1996 12:36:25 UTC