RE: [ACTION-603] Conversation with Yves, our HTTP expert, about CT and Cache-Control extensions from Magnus Lönnroth on 2008-02-05 (public-bpwg-ct@w3.org from February 2008)

From: Magnus Lönnroth <magnus.lonnroth@ericsson.com>
Date: Tue, 5 Feb 2008 15:44:21 +0100
To: "Aaron Kemp" <kemp@google.com>, "Sullivan, Bryan" <BS3131@att.com>
Cc: "public-bpwg-ct" <public-bpwg-ct@w3.org>
Message-ID: <A91F30A632473A47B40C18D2B107CA6F051CF96F@esealmw105.eemea.ericsson.se>

[WARNING: link below crashes Internet Explorer]

But this breaks pages that are specifically designed to crash a browser, like http://www.crashie.com/

I'm not condoning it - juts pointing it out. And I think it would be a simpler/better approach to just blacklist sites that do this. And there are probably a gazillion similar exploits. Blacklisting has the added benefit of adding a strong incentive for the origin server to fix the issue.

thanks,

Magnus Lönnroth
Head of PDU SDP
Development Unit Multimedia Products
Ericsson AB

________________________________

From: public-bpwg-ct-request@w3.org [mailto:public-bpwg-ct-request@w3.org] On Behalf Of Aaron Kemp
Sent: den 4 februari 2008 17:40
To: Sullivan, Bryan
Cc: public-bpwg-ct
Subject: Re: [ACTION-603] Conversation with Yves, our HTTP expert, about CT and Cache-Control extensions

On Feb 4, 2008 11:20 AM, Sullivan, Bryan <BS3131@att.com> wrote:

Aaron,
So you believe it is acceptable to ignore the "no-transform" directive, e.g. if you believe that is what the user wants by accessing a site through your system?

Unfortunately yes, in some cases. In cases where we would send content to the mobile that will cause it to reset, or otherwise fail to display the page, I believe it is better to modify the content. I recognize that this opinion is not universally shared.

Currently, we will do this without asking the user. I can imagine a good compromise between breaking a users phone and obeying the site owners wishing being that we could show an interstitial page saying "listen, the content author asked us not to change their site, but if we don't, it's going to crash your phone. Do you want us to modify it anyway?"

That gets to the essence of my earlier comments that the CT Service Provider's awareness of user preferences sometimes can (and should) trump the indicated preference of the content provider.

Right. It is my opinion that this is the case. But again, I realize others do not feel this way.

If we cannot reach consensus on this, I would rather put up a page saying "Sorry, you can't safely access this content" and not allow the user to continue, than crash the users phone.

Aaron

Received on Tuesday, 5 February 2008 14:45:34 UTC