[Fwd: Re: Content Transformation Guidelines: Last Call Working Draft (LC-2085)]

For archival.

-------- Original Message --------
Subject: Re: Content Transformation Guidelines: Last Call Working Draft (LC-2085)
Date: Wed, 21 Oct 2009 16:05:54 +0200
From: Thomas Roessler <tlr@w3.org>
To: fd@w3.org
CC: Mary-Ellen Zurko <mzurko@us.ibm.com>
References: <E1MvC3O-000332-DR@wiggum.w3.org>

On behalf of the Web Security Context WG, we're happy with the
disposition of our comment.

Regards,
--
Thomas Roessler, W3C  <tlr@w3.org>

On 6 Oct 2009, at 17:34, fd@w3.org wrote:

>
> Dear Thomas Roessler,
>
> The Mobile Web Best Practices Working Group has reviewed the comments you
> sent [1] on the Last Call Working Draft [2] of the Content Transformation
> Guidelines 1.0 published on 1 Aug 2008. Thank you for having taken the time
> to review the document and to send us comments!
>
> The Working Group's response to your comment is included below, and has
> been implemented in the new version of the document available at:
> http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/.
>
> Please review it carefully and let us know by email at
> public-bpwg-comments@w3.org if you agree with it or not before 6 November
> 2009. In case of disagreement, you are requested to provide a specific
> solution for or a path to a consensus with the Working Group. If such a
> consensus cannot be achieved, you will be given the opportunity to raise a
> formal objection which will then be reviewed by the Director during the
> transition of this document to the next stage in the W3C Recommendation
> Track.
>
> Thanks,
>
> For the Mobile Web Best Practices Working Group,
> Dominique Hazaël-Massieux
> François Daoust
> W3C Staff Contacts
>
> 1. http://www.w3.org/mid/20080829090132.GB224@iCoaster.does-not-exist.org
> 2. http://www.w3.org/TR/2008/WD-ct-guidelines-20080801/
>
>
> =====
>
> Your comment on 4.3.6.2 HTTPS Link Re-writing:
>> Dom,
>>
>> thanks for your request for review.
>>
>> With respect to the guidelines regarding the rewriting of HTTPS
>> URIs, we notice that any such rewriting will break any use of TLS
>> for authenticating the client to the server (e.g., use of TLS client
>> certificates). Similarly, any applications on top of HTTPS that rely
>> on TLS channel bindings would detect the proxy's intervention as an
>> attack, and lead to a broken user experience; see RFC 5056 for more
>> details about channel bindings.
>>
>> We recommend that you discuss this aspect with the IETF TLS Working
>> Group.
>>
>> Regards,
>
>
> Working Group Resolution (LC-2085):
> We agree and have added text that reflects your concerns and discussed
> with the IETF TLS Working Group:
> http://www.ietf.org/mail-archive/web/tls/current/msg02968.html
>
>
> ----
>
>
>

Received on Thursday, 22 October 2009 10:49:02 UTC
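
The channel-binding point in the quoted comment on 4.3.6.2, as an added example that is not part of the original thread or of either Working Group's text: a small model of an authentication proof bound to the TLS channel (the idea described in RFC 5056), showing why it verifies on a direct connection and fails once a link-rewriting proxy splits the path into two TLS sessions. The class and function names, the demo credential and the random per-session binding value are all assumptions made for illustration; a real application takes the binding from its TLS stack.

```python
import hashlib
import hmac
import os


class TlsSession:
    """Model of one TLS connection (hypothetical stand-in, no real TLS).

    Both endpoints of the same session observe the same channel binding;
    a different session yields a different value.
    """

    def __init__(self):
        self.channel_binding = os.urandom(12)  # constructed sample value


def client_proof(key: bytes, nonce: bytes, session: TlsSession) -> bytes:
    # The client ties its proof to the channel it is actually speaking on.
    return hmac.new(key, nonce + session.channel_binding, hashlib.sha256).digest()


def server_verify(key: bytes, nonce: bytes, session: TlsSession, proof: bytes) -> bool:
    # The server recomputes the proof over the channel *it* terminates.
    expected = hmac.new(key, nonce + session.channel_binding, hashlib.sha256).digest()
    return hmac.compare_digest(expected, proof)


def authenticate(client_side: TlsSession, server_side: TlsSession) -> bool:
    key = hashlib.sha256(b"constructed demo credential").digest()
    nonce = os.urandom(16)
    return server_verify(key, nonce, server_side,
                         client_proof(key, nonce, client_side))


def direct_connection() -> bool:
    # One end-to-end TLS session: client and origin server see the same binding.
    tls = TlsSession()
    return authenticate(tls, tls)


def through_rewriting_proxy() -> bool:
    # Rewritten HTTPS link: client<->proxy and proxy<->origin are separate
    # sessions, so the bindings differ and the relayed proof is rejected.
    client_to_proxy = TlsSession()
    proxy_to_origin = TlsSession()
    return authenticate(client_to_proxy, proxy_to_origin)


if __name__ == "__main__":
    print("direct connection accepted:", direct_connection())
    print("via rewriting proxy accepted:", through_rewriting_proxy())
```

The rejection in the proxied case is what the comment describes as the application detecting the proxy's intervention as an attack.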