- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 19 Dec 2006 12:02:11 +0100
- To: Mike Beltzner <beltzner@mozilla.com>
- Cc: "Doyle, Bill" <wdoyle@mitre.org>, "Close, Tyler J." <tyler.close@hp.com>, public-wsc-wg@w3.org
On 2006-12-12 19:11:51 -0500, Mike Beltzner wrote: > When a computer has been infected by malware, it is possible for > the network stack or local trust systems to become compromised. > The Working Group will not consider these cases when making > recommendations, and will assume that the user agent has a > trusted connection to the platform's networking stack. I'm somewhat wary about being too specific here: It's not just about the networking stack -- it's really the assumption that we do not consider attacks on user agents that involve subverting the local systemm. Our model should be that the local system can be trusted to function according to spec, but browsers do grant control over some user interface aspects to web content that they should better not grant. Looking into the "but" part in more detail is in scope for the anti-spoofing techniques deliverable. Cheers, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Tuesday, 19 December 2006 11:01:57 UTC