- From: Francois Daoust <fd@w3.org>
- Date: Tue, 05 Feb 2008 09:44:38 +0100
- To: Aaron Kemp <kemp@google.com>
- CC: public-bpwg-ct@w3.org
I think I get your point on no-transform which I would rephrase and summarize as: "The CT-proxy MAY transform content flagged by the server with a Content-Cache: no-transform directive if it thinks it's dangerous, but it MUST get the approval of the user beforehand. Persistent registration of the user's choice by the CT-proxy is allowed." In this case, the CT-proxy acts like a kind of extension of the user's browser and is controlled by the user. That sounds reasonable. It's a deviation from the HTTP RFC but then, the more I think about it, the more I find our CT-proxy doesn't exactly fit in the definition of what the HTTP RFC calls a proxy (or a gateway for that matter). François. Aaron Kemp wrote: > Sorry for my very delayed reply. I have been very busy recently (as I'm > sure all of us are). > > On Jan 23, 2008 6:30 AM, Francois Daoust <fd@w3.org <mailto:fd@w3.org>> > wrote: > > > and at the end of "3.5 Proxy Response to client": > "[...] if the proxy determines that the resource as currently > represented is likely to cause serious mis-operation of the client then > the proxy may transform the resource but only sufficiently to alter the > specific aspect of the content that is likely to cause mis-operation. > Proxies must not exhibit this behavior unless this has been specifically > allowed by both the server and the user. [@@ either by persistent > registration of preferences, or by use of the [@@correct dangerous > content] directive.]" > > > As long as the "persistent registration of preferences" clause exists, I > can be a happy camper. I think the odds of site owners actually adding > an additional clause to the "no-transform" directive is small (since I > believe most cases of "no-transform" are applied without though of the > consequences). I unfortunately have not had a change to gather metrics > about the number of sites that use 'no-transform'. It's possible that > it isn't widely used, in which case it is probably not a big deal. > > 4. Aaron (Kemp) > Before leaving the teleconf' yesterday, you mentioned you were thinking > exceptions were indeed needed. > > > Yes - "dangerous" or simply unsupported content. It's a problem to > crash a phone, but it's also a problem to force the user to download > several hundred kilobytes of useless content. > > Sorry for the delay, again, but I wanted to get this down since I won't > be able to make the call tomorrow. > > Aaron
Received on Tuesday, 5 February 2008 08:45:02 UTC