- From: Jonas Sicking <jonas@sicking.cc>
- Date: Thu, 19 Mar 2009 15:52:57 -0700
- To: Anne van Kesteren <annevk@opera.com>
- Cc: Ian Hickson <ian@hixie.ch>, Alexey Proskuryakov <ap@webkit.org>, public-webapps <public-webapps@w3.org>

On Thu, Mar 19, 2009 at 3:18 PM, Anne van Kesteren <annevk@opera.com> wrote:
> On Thu, 19 Mar 2009 19:00:36 +0100, Jonas Sicking <jonas@sicking.cc> wrote:
>>
>> While I agree that there are other ways of doing this, I think I'd
>> have a really hard time selling a feature that explicitly allows port
>> scanning to our security team. Especially when there is an easy
>> remedy.
>
> Since there are other ways of doing this, who are we helping exactly by
> making things more complicated for developers, implementors, and the
> specification author? Certainly not the user, because he is "vulnerable"
> either way.

I don't know how easy it is with current technologies to do this reliably. Or how big the chances are that we can fix those technologies in the future to not work at all, or at least be less reliable. If you have that information I can try to bring a case for security review here.

There's also the argument that we can always relax this requirement in the future as it would be a compatible change.

/ Jonas

Received on Thursday, 19 March 2009 22:53:33 UTC