- From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
- Date: Tue, 29 Sep 2015 12:10:13 +0000
- To: public-secondscreen@w3.org
Good catch. We should note the probing issue in the Security and privacy considerations section. This was not touched upon by PING, likely since the spec does not mention DIAL explicitly. We could also consider amending the respective algorithms with a note. E.g. in [Monitor the list of available presentation displays][1]: >NOTE >The mechanism used to monitor presentation displays availability and determine the compatibility of a presentation display with a given URL is left to the user agent. This could be amended with text that makes it clear that the given URL may reveal information about the user's system, e.g. apps installed to handle the specifically crafted URL. Also note the UAs may implement measures to mitigate that and how. If this warrants changes to the algorithm, we should look at that too. [1]: https://w3c.github.io/presentation-api/#dfn-monitor-the-list-of-available-presentation-displays -- GitHub Notif of comment by anssiko See https://github.com/w3c/presentation-api/issues/45#issuecomment-144039610
Received on Tuesday, 29 September 2015 12:10:15 UTC