- From: Walter van Holst <walter.van.holst@xs4all.nl>
- Date: Sat, 01 Dec 2012 14:32:13 +0100
- To: public-tracking@w3.org
On 12/1/12 4:25 AM, Ian Fette (イアンフェッティ) wrote: > With respect to this or any other hardware device attempting to mitm > traffic, there seems to be no provision for how to handle exceptions. > Much less to ensure the header and dom property are consistent. That > seems quite problematic to me. Regardless of how problematic these issues are, it is not quite obvious to me how much relevance they bear towards this standard. We're talking about a change (to the HTTP-request) whose provenance will be hard to detect for servers. Since devices such as this typically operate between the endpoints of an HTTP session, the logical course of action would be to switch to HTTPS instead. It all comes back to the fundamentally trust-based approach we've taken. If we assume DNT only to be used by good actors on the server side, we likewise must assume that a DNT:1 signal has been set in good faith. Regards, Walter
Received on Saturday, 1 December 2012 13:32:56 UTC