- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 6 Jan 2010 12:27:22 +0100
- To: Max Froumentin <maxfro@opera.com>
- Cc: Thomas Roessler <tlr@w3.org>, "public-device-apis@w3.org" <public-device-apis@w3.org>
On 6 Jan 2010, at 12:06, Max Froumentin wrote: > Perhaps we need to establish how different a web application is from a system application. Admittedly I see them as being very close. Indeed in the aforementioned OSs they are basically the same. That's indeed the bigger question: Whether we believe that standardizing system-level APIs should be in scope for the specs we're working on, or whether we're more concerned with application-level services, and consider the system-level ones somebody else's problem. I suppose that's another question for the next call. >> - What does the "encrypted" attribute mean? Do we count weak crypto >> (e.g., current GSM ciphers or WEP)? Do we count link-level >> encryption to some network intermediary only, or other things? > >> Objection! > > Overruled: you didn't offer an alternative. I'll sustain my objection against this attribute: An encryption attribute of this kind is meaningless and prone to causing errors. It therefore needs to go. (If you insist in keeping it, please rename to "magicSecurityDustSprinkledOnThisInterface".) You could provide information about link-level encryption for individual protocols and media; that *might* be useful if we assume that writing system management applications is among our use cases. However, it'll require some detailed work on the security properties that individual protocols (and protocol stacks) can provide, and it leads to another set of privacy and security problems. Again, I'd be happy to discuss more on a conference call near us.
Received on Wednesday, 6 January 2010 11:27:26 UTC