Re: ISSUE-16 (ArtB): AC: Add some rationale to the Introduction [Access Control] from Anne van Kesteren on 2007-09-20 (public-appformats@w3.org from September 2007)

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 20 Sep 2007 16:24:52 +0200
To: "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <op.tyyibqx164w2qv@annevk-t60.oslo.opera.com>

On Thu, 20 Sep 2007 15:40:08 +0200, Anne van Kesteren <annevk@opera.com>  
wrote:
> I've added some rationale to the introduction. But I haven't yet  
> indicated how an implementation could potentially become less secure. I  
> suppose we could point out that naive implementations (and  
> specifications defining how to interact with this spec) will do all  
> kinds of information leakage such as port scanning because progress  
> events are dispatched etc. and that people should be cautious with that.  
> Hmm.

I made this a bit more clear in the security considerations section.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Thursday, 20 September 2007 14:25:01 UTC