- From: Francois Daoust <fd@w3.org>
- Date: Mon, 09 Mar 2009 22:41:33 +0100
- To: Jo Rabin <jrabin@mtld.mobi>
- CC: Public MWBP <public-bpwg@w3.org>
Hi Jo, Many thanks for this summary of summaries. I'm jumping straight to the conclusion because the rest is French cuisine, you know, a perfect balance between spices, herbs, meat, wine and cheese, so I don't see anything to add. Jo Rabin wrote: [...] > > 4. Conclusions and Proposed Resolutions > > a. PROPOSED RESOLUTION: Link rewriting is a form of transformation and > at a minimum is subject to the same limitations as other forms of > transformation +1 to the proposed resolution and to the arguments that led to it. > > b. PROPOSED RESOLUTION: In-network proxies MUST NOT rewrite links > without explicit prior agreement from the Content Provider Without context, the exception-to-the-rule looks weird. Or rather it makes me think I missed a bit of context. Is the exception only triggered by the case when a Content Provider agrees to the "interception of" HTTPS and thus also needs to agree on links rewriting, or is there something else? I would agree in the first case, and would like to know what I missed in the second case. > > c. PROPOSED RESOLUTION: Interception of HTTPS is not permissible without > explicit prior agreement from the Content Provider and consent from the > user on a case by case basis +1. The proposed resolution is indeed to be read in the scope of the Content Transformation guidelines about network-deployed content transformation proxies. I don't think we should extend this scope. I also agree with the non-normative security consideration note on links rewriting: > Either way it would be worthwhile making a note as to the security issues discussed above in a non-normative way. Francois.
Received on Monday, 9 March 2009 21:42:17 UTC