- From: <fd@w3.org>
- Date: Tue, 06 Oct 2009 15:34:19 +0000
- To: EdPimentl <edpimentl@gmail.com>
- Cc: public-bpwg-comments@w3.org,fd@w3.org
Dear EdPimentl,

The Mobile Web Best Practices Working Group has reviewed the comments you sent [1] on the Last Call Working Draft [2] of the Content Transformation Guidelines 1.0 published on 1 Aug 2008. Thank you for having taken the time to review the document and to send us comments!

The Working Group's response to your comment is included below, and has been implemented in the new version of the document available at: http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/.

Please review it carefully and let us know by email at public-bpwg-comments@w3.org if you agree with it or not before 6 November 2009. In case of disagreement, you are requested to provide a specific solution for or a path to a consensus with the Working Group. If such a consensus cannot be achieved, you will be given the opportunity to raise a formal objection which will then be reviewed by the Director during the transition of this document to the next stage in the W3C Recommendation Track.

Thanks,

For the Mobile Web Best Practices Working Group,
Dominique Hazaël-Massieux
François Daoust
W3C Staff Contacts

1. http://www.w3.org/mid/9dc4a1670808040542l2f255480w7124e632524d6c02@mail.gmail.com
2. http://www.w3.org/TR/2008/WD-ct-guidelines-20080801/

=====

Your comment on 4.1.5 Alteration of HTTP Header Values:
> The styleguide should spell out very clearly "The Transcoder is NOT
> allowed to change the User-Agent String".

Working Group Resolution (LC-2005):
Section 4.1.5 on alteration of HTTP Header Field Values remains substantially as in the previous version of the document, but has been reinforced by saying that proxies must not delete headers and that it must be possible for the server to reconstruct the original User Agent originated headers by using the X-Device-* HTTP header fields:
http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/Overview.html#sec-altering-header-values

We have strengthened section 4.2.6 Receipt of Vary HTTP Header Field:
http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/Overview.html#sec-receipt-of-vary-header

We have also introduced new guidelines in section 4.2.2 User Preferences that force proxies to provide a means for users to express their preferences for inhibiting content transformation:
http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/Overview.html#sec-administrative-arrangements

In addition, we have updated the conformance section to state that Transformation Deployments that choose to claim conformance with these guidelines need to spell out the circumstances in which they deviate from "should" clauses by providing a conformance statement that comes as a separate document referenced by the guidelines:
http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/Overview.html#sec-transformation-deployment-conformance

----

Your comment on 4.1.5.5 Original Headers:
> Original headers MUST not be changed (User-Agent string has a special
> place, but also the UAProf x-wap-profile is very very relevant).

Working Group Resolution (LC-2006):
The text surrounding which HTTP request headers can be altered and under what circumstances has been tightened up in another part of 4.1.5. However, section 4.1.5.5 remains - because if request headers have been altered, for whatever reason, it is useful for website technicians to be able to see the complete and original information from the device so that they can find out what is happening.

The updated text is available at:
http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/Overview.html#sec-original-headers

----

Your comment on 4.2 Server Response to Proxy:
> The use of MUST on the CTG when referring to the role of the server
> should not be allowed, since irresponsible transcoding companies will use
> this to disrupt service and destroy the user experience set us back many
> years.
> We can accept RECOMMENDED, and only RECOMMENDED.

Working Group Resolution (LC-2007):
We agree and have removed the "Content Deployment" class of product. All normative statements that previously applied to content deployments are now listed in an "Informative Guidance for Origin Servers" non-normative appendix at the end of the document.

The updated definition of classes of product is available at:
http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/Overview.html#sec-classes-of-product

The non-normative appendix for origin servers is available at:
http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/Overview.html#d2e1536

----

Your comment on 4.3.6.2 HTTPS Link Re-writing:
> I am the founder of Goowallet a Mobile Banking / Payment private label
> service provider
>
> After reading the Last Call comments we are very concerned that many of
> these recommendations will seriously impact security, privacy and
> trust.
>
> We are therefore 100% opposed to allowing Disrupting HTTPS the way
> transcoders do today is probably illegal and certainly unethical. HTTPS
> is built to guarantee end2end security.
> Breaking end2end security is probably illegal.
> Men in the Middle/Interfering with HTTPS should not be permissible
> under any circumstances.
> Making (allowing) it possible for an Operator to now attempt to
> dismantle the security of the internet in favor of transcoding, will
> seriously and significantly and negatively impact the banking and
> financial industry.
> Data protection rules and regulations. If allowed, this will also impact
> the national security of all law abiding nations.

Working Group Resolution (LC-2004):
We agree and have added text to this section that goes some way to addressing your concern.

----
Received on Tuesday, 6 October 2009 15:49:34 UTC
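
The header reconstruction that resolution LC-2005 refers to, sketched from the origin server's side as an added example that is not part of the original message or of the Working Group's text. It assumes the guidelines' naming of the copies as X-Device-<original header name>; the function name, the trusted-proxy allow-list and the sample request are constructed for illustration.

```python
# Added example: rebuild the device's original request headers from the
# X-Device-* copies a transforming proxy attaches (CT Guidelines 4.1.5.5).
# Function name, allow-list and sample request are constructed, not from the page.

PREFIX = "x-device-"


def reconstruct_original_headers(received, peer_ip, trusted_proxies):
    """Return (original_headers, altered_names).

    received        -- dict of header name -> value as seen by the origin server
    peer_ip         -- address of the directly connected client
    trusted_proxies -- set of proxy addresses whose X-Device-* copies we accept
                       (assumption: any client can send these fields itself, so
                       they are ignored unless the peer is a known proxy)
    """
    # HTTP header names are case-insensitive: normalise before comparing.
    seen = {name.lower(): value for name, value in received.items()}
    copies = {n[len(PREFIX):]: v for n, v in seen.items()
              if n.startswith(PREFIX) and len(n) > len(PREFIX)}
    # Start from what arrived, minus the X-Device-* bookkeeping fields.
    original = {n: v for n, v in seen.items() if not n.startswith(PREFIX)}

    if peer_ip not in trusted_proxies:
        return original, []

    altered = []
    for name, device_value in copies.items():
        if original.get(name) != device_value:
            altered.append(name)  # the proxy changed this header in transit
        original[name] = device_value
    return original, sorted(altered)


# Constructed sample: a proxy replaced User-Agent and Accept, keeping copies.
SAMPLE = {
    "Host": "example.org",
    "User-Agent": "Mozilla/5.0 (desktop-like value set by proxy)",
    "Accept": "text/html,*/*",
    "X-Device-User-Agent": "ExamplePhone/1.0 (constructed)",
    "X-Device-Accept": "application/vnd.wap.xhtml+xml,text/html",
    "Via": "1.1 proxy.example (constructed)",
}

if __name__ == "__main__":
    headers, changed = reconstruct_original_headers(
        SAMPLE, "192.0.2.10", {"192.0.2.10"})
    print(changed, headers["user-agent"])
```

The list of altered names is what a site operator would log when diagnosing why a device received the wrong representation.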