- From: Magnus Lönnroth <magnus.lonnroth@ericsson.com>
- Date: Tue, 5 Feb 2008 15:44:21 +0100
- To: "Aaron Kemp" <kemp@google.com>, "Sullivan, Bryan" <BS3131@att.com>
- Cc: "public-bpwg-ct" <public-bpwg-ct@w3.org>
- Message-ID: <A91F30A632473A47B40C18D2B107CA6F051CF96F@esealmw105.eemea.ericsson.se>
[WARNING: link below crashes Internet Explorer] But this breaks pages that are specifically designed to crash a browser, like http://www.crashie.com/ I'm not condoning it - juts pointing it out. And I think it would be a simpler/better approach to just blacklist sites that do this. And there are probably a gazillion similar exploits. Blacklisting has the added benefit of adding a strong incentive for the origin server to fix the issue. thanks, Magnus Lönnroth Head of PDU SDP Development Unit Multimedia Products Ericsson AB ________________________________ From: public-bpwg-ct-request@w3.org [mailto:public-bpwg-ct-request@w3.org] On Behalf Of Aaron Kemp Sent: den 4 februari 2008 17:40 To: Sullivan, Bryan Cc: public-bpwg-ct Subject: Re: [ACTION-603] Conversation with Yves, our HTTP expert, about CT and Cache-Control extensions On Feb 4, 2008 11:20 AM, Sullivan, Bryan <BS3131@att.com> wrote: Aaron, So you believe it is acceptable to ignore the "no-transform" directive, e.g. if you believe that is what the user wants by accessing a site through your system? Unfortunately yes, in some cases. In cases where we would send content to the mobile that will cause it to reset, or otherwise fail to display the page, I believe it is better to modify the content. I recognize that this opinion is not universally shared. Currently, we will do this without asking the user. I can imagine a good compromise between breaking a users phone and obeying the site owners wishing being that we could show an interstitial page saying "listen, the content author asked us not to change their site, but if we don't, it's going to crash your phone. Do you want us to modify it anyway?" That gets to the essence of my earlier comments that the CT Service Provider's awareness of user preferences sometimes can (and should) trump the indicated preference of the content provider. Right. It is my opinion that this is the case. But again, I realize others do not feel this way. If we cannot reach consensus on this, I would rather put up a page saying "Sorry, you can't safely access this content" and not allow the user to continue, than crash the users phone. Aaron
Received on Tuesday, 5 February 2008 14:45:34 UTC