Re: Cache-Control: no-transform and "dangerous" content from Aaron Kemp on 2008-02-05 (public-bpwg-ct@w3.org from February 2008)

From: Aaron Kemp <kemp@google.com>
Date: Tue, 5 Feb 2008 08:31:02 -0500
To: "Francois Daoust" <fd@w3.org>
Cc: public-bpwg-ct@w3.org
Message-ID: <7452c7ef0802050531p5256e538k51c78eeb207adecb@mail.gmail.com>

On Feb 5, 2008 3:44 AM, Francois Daoust <fd@w3.org> wrote:

> I think I get your point on no-transform which I would rephrase and
> summarize as:
> "The CT-proxy MAY transform content flagged by the server with a
> Content-Cache: no-transform directive if it thinks it's dangerous, but
> it MUST get the approval of the user beforehand. Persistent registration
> of the user's choice by the CT-proxy is allowed."
>

This looks good to me.


> In this case, the CT-proxy acts like a kind of extension of the user's
> browser and is controlled by the user. That sounds reasonable. It's a
> deviation from the HTTP RFC but then, the more I think about it, the
> more I find our CT-proxy doesn't exactly fit in the definition of what
> the HTTP RFC calls a proxy (or a gateway for that matter).
>

This is how we always think of our CT-proxy -- an extension (or replacement)
of the user's browser.  Whether it's semantically "correct" is questionable,
but it's a useful mental model :)

Thanks
Aaron

Received on Tuesday, 5 February 2008 13:31:22 UTC