Re: What problems are we trying to solve? from Mary Ellen Zurko on 2006-12-08 (public-wsc-wg@w3.org from December 2006)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Fri, 8 Dec 2006 08:22:10 -0500
To: Thomas Roessler <tlr@w3.org>
Cc: public-wsc-wg@w3.org
Message-ID: <OF1863B516.07CFE630-ON8525723E.00495E13-8525723E.00497134@LocalDomain>

> when I had first seen your list, I had read that point with an
> emphasis on "discovered an attack", and had thought of heuristic
> techniques, IDS-like stuff, and so on.

Yes, that aspect too is out of scope.

> I do think that discussion on how user agents ought to react to
> failures of security protocols is in scope -- the prime example here
> being the MITM detection in SSL which is subverted by giving users
> an override button that they'll of course push.

It's my understanding that the charter defines our scope (our goals can be 
more targetted than the scope allows for). Is my understanding wrong? If 
not, what part of the charter supports that?
        Mez

Received on Friday, 8 December 2006 13:22:18 UTC