CTG: current discussions from Eduardo Casais on 2009-11-09 (public-bpwg-comments@w3.org from October to December 2009)

From: Eduardo Casais <casays@yahoo.com>
Date: Mon, 9 Nov 2009 09:56:05 -0800 (PST)
To: public-bpwg-comments@w3.org
Message-ID: <827237.27190.qm@web45006.mail.sp1.yahoo.com>

A couple of quick points about the remarks by Jo Rabin.

> Since we don't know how to do it, I question the value in
> making a normative provision that seems to be non-testable.

When the issue was discussed originally, the proposal to 
prescribe white lists was rejected on the ground that it forced
the utilization of a specific mechanism. Now leaving the 
freedom to proxies to determine which mechanism allows
URL to be excluded from rewriting is rejected on the grounds
it is not testable. This feels like a case of "damn if you do, 
damn if you don't."

The statement about non-testability is inexact: it is testable as
 to its effects in terms of inputs - outputs, just not specified as
to the algorithm. And besides, it is in line with 
a) the requirement that users must be able to express their
preferences (mechanisms are unspecified):
b) the requirement that testing interfaces be provided (form 
of the interface is unspecified).

> I think there is already sufficient normative wording
> regarding the requirement for a conforming proxy to insert 
> a Via header, so that applications for which this is important
> are able to detect the presence of a conforming proxy.

As the CTG mentions, this is not a fail-safe approach. It also
only gives the following choice for secure services:
1. Reject the interference of the transformation proxy and 
provide no service at all to the end-user.
2. Accept the interference of the transformation proxy.

The proposal provides for another, arguably more satisfactory
possibility:
3. Provide the original, untransformed, but also end-to-end 
secure service.

> However at some point (now) we need to ship a document -
> so the question is: "Is the current version of the document
> good enough to ship?", not "Is it perfect?" or "Could it be
> improved?".

I wish the document could be finalized (the sooner the better).
However, in the absence of a roadmap for its maintenance, as
well as little visibility as to the continuity of the BPWG group
and its charter, this means that, from the perspective of the
Internet community, the present version of the CTG will
constitute the last word on the topic. Being forward-looking
appears therefore to be necessary at this stage.

E.Casais

Received on Monday, 9 November 2009 17:56:39 UTC