- From: Jose Alberto Fernandez <jalberto@cellectivity.com>
- Date: Tue, 20 Jan 2009 14:52:34 -0000
- To: <public-bpwg@w3.org>
- Message-ID: <3AAB09AEC806CB469174F8CC39E5781801D2158E@lonex01.Cellectivity.local>
Tom Hume wrote: > > Personally I would say that a CP using HTTPS has stated they wish to > have their service accessed securely, but not that they're opting out > of transcoding by doing this. Either you are taking the Mickey out of everyone on the list or you never learn about what SSL is or means. An SSL connection is an encrypted connection between to servers. Requiring sending some header on the connection in order to decide whether the connection can be snoop on or changed in any manner requires that you snoop on the connection to start with, which means that you would be violating the confidentiality of the communication in order to know whether you are allowed to break the confidentiality of the communication. Second, it is not a question of not being allowed. It is a question of not being possible to snoop on the SSL tunnel. So the only way you have is to break the tunnel before you even know what the tunnel is all about. Which bring us back to the question of transcoding requests or documents? The only way to inform a gateway whether I allow an HTTPS reference to be snoop on, is by specifying it on the document containing the link. But as you have already decided, from what I read on the minutes, you do not allow the resources of one document to be affected by the options specified on it. Meaning that even if I say I do not want my document transformed, you seem to believe that does not disallow you from transforming its resources (i.e. the referenced HTTPS document). So you see, every decision you are taking only works to makes matters even worst for everyone involved (well, except for the transcoder vendors). Jose Alberto
Received on Tuesday, 20 January 2009 14:50:40 UTC