Re: Issue-207

On 18/04/2014 20:22, Roy T. Fielding wrote:
> On Apr 18, 2014, at 10:41 AM, Walter van Holst wrote:
>> Rob already as argued for this better than I can. It only stands to
>> reason that syntactically well-formed DNT requests are honoured without
>> second guessing the user.
> No, that doesn't stand to reason, anywhere.  We don't honor requests
> from clients that match the pattern of a denial of service attack.

That is what the permitted uses are for, among other things.
> We don't honor purchases made with a stolen credit card.  We don't
> honor requests that appear to be gatewayed through a phishing site.

Again, permitted uses.
> We frequently don't honor requests that pass through an export-controlled
> location. And we sure don't honor HTTP protocol fields from user agents
> that lie about their capabilities or semantics
In my opinion that might qualify as an exception to a MUST rule.
> I will never support a standard that allows a user agent to lie about
> its semantics to a server without any corresponding power of the server
> to recognize that lie and work around the bug.  That would only
> encourage unscrupulous actors to manipulate standard protocols for
> their own personal gain.
Genuinely curious about examples of those, and their gains.
> If a user agent does not adhere to the semantics of the protocol,
> the signal will be ignored.  This is not subject to the WG's opinion.
> Whether or not a "D" is sent after a signal is ignored is what
> is subject to the WG's opinion.
Sending a D upon ignoring a signal would be another MUST in my book
(perhaps except in the cases of permitted use).



Received on Tuesday, 22 April 2014 12:17:13 UTC