
Re: ACTION-893: Start putting together a set of guidelines that could help address the security issues triggered by links rewriting.

From: <passani@eunet.no>
Date: Tue, 20 Jan 2009 23:39:54 +0100 (CET)
Message-ID: <12879.89.97.102.248.1232491194.squirrel@webmail.comnet.no>
To: "Tom Hume" <Tom.Hume@futureplatforms.com>
Cc: "Mobile Web Best Practices Working Group WG" <public-bpwg@w3.org>


> How would it work from a content provider's perspective? Would they
> need to register their service individually, or would some sort of
> aggregated whitelist make sense? I've wondered about such things
> before [1]...

I never heard of a content provider or developer who, one fine morning,
realised that, while they wanted to keep HTTPS-only login to their
website, at the same time they also wanted a mobile site, they were not OK
with building their own, but they liked the idea that someone would do it
for them through transcoding, all of this without even having to care to
authorize transcoders to by-pass the HTTPS security they previously
implemented.

In short, you are on pretty thin ice here trying to find legitimate
scenarios to break HTTPS for your transcoding friends.

Luca
Received on Tuesday, 20 January 2009 22:40:30 UTC
