- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 16 Jun 2009 16:16:42 +0000 (UTC)
- To: Rigo Wenning <rigo@w3.org>
- Cc: Andrei Popescu <andreip@google.com>, public-geolocation@w3.org, Thomas Roessler <tlr@w3.org>
On Tue, 16 Jun 2009, Rigo Wenning wrote: > > And NO, this is not at all harmful in the sense that Ian Hickson > described. I have understood the remarks differently. Ian Hickson may > clarify. Because this would mean that you and others would consider P3P > harmful to browsers and exposing users to risks. P3P has exactly the same problems as I described, yes. This is one of the reasons why it hasn't been implemented in most browsers. (In short, it relies on the site being honest, and then on the browser trusting the site and exposing the same information but with the browser's authority behind it. Most browser vendors refuse to implement this because it undermines the user's trust in the browser, leading to the same issues such as the user no longer trusting TLS warnings.) > And only because you (or your understanding of the majority of user > agents) don't want to implement it, doesn't mean that others won't make > a plugin/Extension using exactly that option (see e.g. Prime). I think if there is a desire to have an optional addition to the Geolocation API, it should be specified in a separate specification. There is clearly not consensus on having this kind of thing in the core API, and having things in the core API that aren't implemented will prevent us from getting through CR. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 16 June 2009 16:17:18 UTC