- From: Adrien de Croy <adrien@qbik.com>
- Date: Tue, 27 Jan 2009 14:34:27 +1300
- To: Adam Barth <w3c@adambarth.com>
- CC: Mark Nottingham <mnot@mnot.net>, "Roy T. Fielding" <fielding@gbiv.com>, Larry Masinter <LMM@acm.org>, ietf-http-wg@w3.org, Lisa Dusseault <ldusseault@commerce.net>
Adam Barth wrote: > On Mon, Jan 26, 2009 at 4:40 PM, Adrien de Croy <adrien@qbik.com> wrote: > >>> In a sense, the same argument could be advanced about any browser >>> feature (CSS, <canvas>, etc). This shouldn't stop us from innovating. >>> >> this is security we're talking about though, not additional nice-to-have >> features. Again, we still need to secure all users, and can't wait until >> deployment of some new header. >> > > It is impossible to secure all the users who visit your Web site. You > cannot secure users with IE5 or Firefox 1.0, for example. Moreover, > the header provides incremental value while it is being deployed. > > Do you have any more information on this you could refer me to? I find it hard to believe that there can be no security scheme which would be browser-independent. Regards Adrien -- Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
Received on Tuesday, 27 January 2009 01:32:18 UTC