
Re: De-duplicating violation reports?

From: Daniel Veditz <dveditz@mozilla.com>
Date: Sat, 03 Aug 2013 16:40:01 -0700
Message-ID: <51FD94D1.8060600@mozilla.com>
To: Devdatta Akhawe <dev.akhawe@gmail.com>
CC: Neil Matatall <neilm@twitter.com>, Brad Hill <bhill@paypal-inc.com>, public-webappsec@w3.org, Mike West <mkwst@google.com>

On 8/1/2013 10:19 AM, Devdatta Akhawe wrote:
> I think it is useful to have, but I am not sure what the advantage of
> spec'ing it would be. Maybe just leave it as a suggestion
> (non-normative?) in the spec? UAs can either implement dedup, or a
> throttle, or bunch up multiple reports into a single request. The spec
> is better off leaving it to the UA and its developers.

That could lead to web authors having to turn off reports to prevent
being swamped if one of the major browsers doesn't de-duplicate. Since
duplicate reports are never useful to the web author we should remove
this potential source of abuse.

-Dan Veditz



Received on Saturday, 3 August 2013 23:40:31 UTC
