RE: [ACTION-633] CT guidelines on HTTPS interception

Re. ACTION-633 - Write a clear draft on @@allow-https-rewrite and the need for the end-user to be aware of the situation [on Andrew Swainston - due 2008-02-05].

A directive from the client (browser) to indicate whether the https rewrites are allowed should have "yes" as the default (in the absence of the directive) so that https rewriting is allowed for legacy browsers.

Additionally, the end user should always be aware of what is happening. 

I propose that the default is changed to "yes" and that the following is added:

"A proxy may intercept HTTPS pages (typically by previously rewriting HTTPS links). If it does, it must advise the end user of the  security implications of doing so, and provide the user the option for no interception."

Best regards,

Andrew

-----Original Message-----
From: public-bpwg-ct-request@w3.org [mailto:public-bpwg-ct-request@w3.org] On Behalf Of Francois Daoust
Sent: 04 February 2008 11:03
To: public-bpwg-ct
Subject: [ACTION-634] CT guidelines and WAP1 gateways


Per ACTION-634, I'm supposed to write a note to include in our guidelines to warn the readers that most of the guidelines are not compatible with WAP1 gateways as they would fail to transform WML to WMLC when they encounter a HTTP Cache-Control: no-transform header.

Here is my proposal:

-----
Warning: Incompatibility with WAP1 gateways

This document recommends the use of the Cache-Control: no-transform HTTP header by the origin server, with a view to controlling the content transformation proxy and in particular to preventing any kind of content transformation.

The Cache-Control: no-transform directive applies to all the intermediaries between the origin server and the user agent. In particular, WAP1 gateways would obey the directive and would fail to compile WML into WMLC. Failure to do so would break the content delivery to the user agent.

As a consequence, these guidelines cannot be used to deliver content through WAP1 gateways.
-----

It could go in the "2.2 Objectives" section formatted as a note with a different background color. Or maybe at some other place, it certainly doesn't have to be the first thing readers see. 

François.

Received on Tuesday, 5 February 2008 14:51:40 UTC