- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 12 Feb 2015 22:52:55 +0100
- To: "Eduardo' Vela <Nava>" <evn@google.com>
- Cc: Mounir Lamouri <mlamouri@google.com>, Wendy Seltzer <wseltzer@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Devdatta Akhawe <dev.akhawe@gmail.com>, Deian Stefan <deian@cs.stanford.edu>, Mike West <mkwst@google.com>, David Baron <dbaron@dbaron.org>, Jeffrey Yasskin <jyasskin@google.com>, Daniel Veditz <dveditz@mozilla.com>, Brad Hill <hillbrad@gmail.com>, David Ross <drx@google.com>, Martin Thomson <martin.thomson@gmail.com>

On Thu, Feb 12, 2015 at 9:50 PM, Eduardo' Vela" <Nava> <evn@google.com> wrote:
> Hmm, I think I didn't explain myself correctly.

I thought you did.

> The concern is that, say, if EPR was implemented, sites like Facebook or the
> WSJ could block Google, or Bing from linking to their site.
>
> Other concern is that, for example, Bugzilla or github could break links in
> a way that I couldn't bookmark them or store them in delicio.us.
>
> Other concern is that, for example, Yahoo News could be linked to from Bing
> but not DuckDuckGo.
>
> Did I miss any concerns on EPR vs. The Web?

Directly linking to "subresources" of an EPR site, presumably.

> Which of these concerns is impossible without EPR? Say, with Referrer
> checking.

As I said, if you implement Referer checking you might end up breaking
your own site for a number of users due to weird firewall policies.
See past research on that header. I think it was done by Adam Barth.

> Is the concern that EPR will make this practice mainstream?

It's a concern, certainly.

--
https://annevankesteren.nl/

Received on Thursday, 12 February 2015 21:53:23 UTC