Re: issue-151

Rigo,

Normally I would agree with you, but in this case there is nothing more to
talk about. You have to treat the signal as valid until you can prove it
isn't. The only way to do that is with an exception which is still
possible to intercept. So all you will do is end up in another endless
loop discussion. Start treating DNT signals as valid because they are, and
that's what AB 370 assumes. And as soon as it becomes law you're going to
need to know how your service is going to respond to a a DNT signal.

The debate is over, the cows have left the barn for good.



Peter
_________________________
Peter J. Cranstone





On 9/2/13 8:11 AM, "Rigo Wenning" <rigo@w3.org> wrote:

>Hi Mike, 
>
>this is certainly interesting for web apps, but doesn't tell the
>receiver of the signal whether the signal was created following the
>rules. Everybody can just inject a header. We could have signed headers
>etc. So there is still lots to talk about.
>
> --Rigo
>
>On Monday 02 September 2013 09:58:00 Mike O'Neill wrote:
>> Other W3C groups are working on cross-platform standards for web apps.
>> Web apps need access to device interfaces for such things as
>> telephony, geo-location and contact lists so "certified" apps are
>> being defined which those that would have access to such "sensitive"
>> APIs. A certified app is cryptographically signed by an organisation
>> such as an app webstore to prove it has been vetted.
>
>

Received on Monday, 2 September 2013 14:23:22 UTC