- From: Francois Daoust <fd@w3.org>
- Date: Mon, 16 Nov 2009 13:49:45 +0100
- To: EdPimentl <edpimentl@gmail.com>
- CC: public-bpwg-comments@w3.org
Dear Ed,

The Last Call review period for the Guidelines for Web Content Transformation Proxies is over and we have not yet heard from you. We were wondering whether you had time to review the response to your comments below and the updated document, and whether you could let us know if you agree with it or not via email.

The header of the previous email was generated from a template that did not give us the opportunity to apologize for the time it took us to get back to you. Comments received during the first Last Call review period generated a lot of discussions within the group. Resolutions of the issues took more time than expected. The group thinks the document has quite improved as a consequence, apologizes for the delay and would like to thank you again for your contribution!

Thanks,
For the Mobile Web Best Practices Working Group,
Francois Daoust,
W3C Staff Contact.

fd@w3.org wrote:
> Dear EdPimentl,
>
> The Mobile Web Best Practices Working Group has reviewed the comments you
> sent [1] on the Last Call Working Draft [2] of the Content Transformation
> Guidelines 1.0 published on 1 Aug 2008. Thank you for having taken the time
> to review the document and to send us comments!
>
> The Working Group's response to your comment is included below, and has
> been implemented in the new version of the document available at:
> http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/.
>
> Please review it carefully and let us know by email at
> public-bpwg-comments@w3.org if you agree with it or not before 6 November
> 2009. In case of disagreement, you are requested to provide a specific
> solution for or a path to a consensus with the Working Group. If such a
> consensus cannot be achieved, you will be given the opportunity to raise a
> formal objection which will then be reviewed by the Director during the
> transition of this document to the next stage in the W3C Recommendation
> Track.
>
> Thanks,
>
> For the Mobile Web Best Practices Working Group,
> Dominique Hazaël-Massieux
> François Daoust
> W3C Staff Contacts
>
> 1. http://www.w3.org/mid/9dc4a1670808040542l2f255480w7124e632524d6c02@mail.gmail.com
> 2. http://www.w3.org/TR/2008/WD-ct-guidelines-20080801/
>
>
> =====
>
> Your comment on 4.1.5 Alteration of HTTP Header Values:
>> The styleguide should spell out very clearly "The Transcoder is NOT
>> allowed to change the User-Agent String".
>
>
> Working Group Resolution (LC-2005):
> Section 4.1.5 on alteration of HTTP Header Field Values remains
> substantially as in the previous version of the document, but has been
> reinforced by saying that proxies must not delete headers and that it must
> be possible for the server to reconstruct the original User Agent
> originated headers by using the X-Device-* HTTP header fields:
> http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/Overview.html#sec-altering-header-values
>
> We have strengthened section 4.2.6 Receipt of Vary HTTP Header Field:
> http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/Overview.html#sec-receipt-of-vary-header
>
> We have also introduced new guidelines in section 4.2.2 User Preferences
> that forces proxies to provide a means for users to express their
> preferences for inhibiting content transformation:
> http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/Overview.html#sec-administrative-arrangements
>
> In addition, we have updated the conformance section to state that
> Transformation Deployments that choose to claim conformance with these
> guidelines need to spell out the circumstances in which they deviate from
> "should" clauses by providing a conformance statement that comes as a
> separate document referenced by the guidelines:
> http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/Overview.html#sec-transformation-deployment-conformance
>
> ----
>
> Your comment on 4.1.5.5 Original Headers:
>> Original headers MUST not be changed (User-Agent string has a special
>> place, but also the UAProf x-wap-profile is very very relevant).
>
>
> Working Group Resolution (LC-2006):
> The text surrounding which HTTP request headers can be altered and under
> what circumstances has been tightened up in another part of 4.1.5. However,
> section 4.1.5.5 remains - because if request headers have been altered, for
> whatever reason, it is useful for website technicians to be able to see the
> complete and original information from the device so that they can find out
> what is happening.
>
> The updated text is available at:
> http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/Overview.html#sec-original-headers
>
> ----
>
> Your comment on 4.2 Server Response to Proxy:
>> The use of MUST on the CTG when referring to the role of the server
>> should not be allowed, since irresponsible transcoding companies will use
>> this to disrupt service and destroy the user experience set us back many
>> years.
>> We can accept RECOMMENDED, and only RECOMMENDED.
>
>
> Working Group Resolution (LC-2007):
> We agree and have removed the "Content Deployment" class of product. All
> normative statements that previously applied to content deployments are now
> listed in an "Informative Guidance for Origin Servers" non-normative
> appendix at the end of the document.
>
> The updated definition of classes of product is available at:
> http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/Overview.html#sec-classes-of-product
>
> The non-normative appendix for origin servers is available at:
> http://www.w3.org/TR/2009/WD-ct-guidelines-20091006/Overview.html#d2e1536
>
> ----
>
> Your comment on 4.3.6.2 HTTPS Link Re-writing:
>> I am the founder of Goowallet a Mobile Banking / Payment private label
>> service provider
>>
>> After reading the Last Call comments we are very concerned that many of
>> these recommendations will seriously impact security, privacy and
>> trust.
>>
>> We are therefore 100% opposed to allowing Disrupting HTTPS the way
>> transcoders do today is probably illegal and certainly unethical. HTTPS
>> is built to guarantee end2end security.
>> Breaking end2end security is probably illegal.
>> Men in the Middle/Interfering with HTTPS should not be permissible
>> under any circumstances.
>> Making(allowing) it possible for an Operator to now attempt to
>> dismantle the security of the internet in favor of transcoding, will
>> seriously and significantly and negatively impact the banking and
>> financial industry.
>> Data protection rules and regulations. If allowed, this will also impact
>> the national security of all law abiding nations.
>
>
> Working Group Resolution (LC-2004):
> We agree and have added text to this section that goes some way to
> addressing your concern.
>
> ----
>
Received on Monday, 16 November 2009 12:57:55 UTC
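
Added example, not part of the archived message or of the W3C document: resolution LC-2005 says an origin server must be able to reconstruct the device's original headers from the X-Device-* fields, and this sketch shows one way a server could do that and record what the proxy changed. It assumes each X-Device-<name> field carries the value the device sent for <name>; the function name and the sample request are constructed for illustration.

```python
# Added illustration; only the "X-Device-" prefix comes from the message above.
X_DEVICE_PREFIX = "x-device-"

# Constructed sample of what an origin server might receive via a proxy.
SAMPLE_REQUEST = {
    "Host": "www.example.org",
    "Via": "1.1 proxy.example",
    "User-Agent": "Mozilla/5.0 (constructed desktop UA)",
    "X-Device-User-Agent": "ExamplePhone/1.0 (constructed handset UA)",
    "Accept": "text/html",
    "X-Device-Accept": "application/vnd.wap.xhtml+xml, text/html",
}


def restore_original_headers(received):
    """Return (effective, altered).

    effective: request headers with every X-Device-<name> value put back
               under <name>, i.e. what the device is reported to have sent.
    altered:   {name: (value_from_proxy, value_from_device)} for each field
               the proxy changed; value_from_proxy is None if the field was
               missing, which the guidelines forbid (no header deletion).
    All values are request-supplied and must be treated as untrusted input.
    """
    # HTTP field names are case-insensitive, so compare in lower case.
    lowered = {name.lower(): value for name, value in received.items()}

    effective = {
        name: value
        for name, value in lowered.items()
        if not name.startswith(X_DEVICE_PREFIX)
    }
    altered = {}
    for name, device_value in lowered.items():
        if not name.startswith(X_DEVICE_PREFIX):
            continue
        original_name = name[len(X_DEVICE_PREFIX):]
        if not original_name:  # a bare "X-Device-" field names nothing
            continue
        proxy_value = effective.get(original_name)
        if proxy_value != device_value:
            altered[original_name] = (proxy_value, device_value)
        effective[original_name] = device_value
    return effective, altered


if __name__ == "__main__":
    headers, changes = restore_original_headers(SAMPLE_REQUEST)
    for field, (seen, original) in sorted(changes.items()):
        print(f"{field}: proxy sent {seen!r}, device sent {original!r}")
```

Logging the `altered` map alongside the request gives site operators the "complete and original information from the device" that resolution LC-2006 refers to.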