- From: Close, Tyler J. <tyler.close@hp.com>
- Date: Tue, 10 Apr 2007 20:50:27 -0000
- To: "Web Security Context WG" <public-wsc-wg@w3.org>
> ISSUE-27: [editorial?] techniques for content based detection > > http://www.w3.org/2006/WSC/Group/track/issues/27 > > Raised by: Thomas Roessler > On product: Note: use cases etc. > > In "content based detection", the note suggests that > techniques we don't want to look at include "comparing the > served URLs, graphics or markup to known legitimate sites, or > to known attacks." On the face of it, that sentence would > even suggest that comparing a URI to one that has been > visited is out of scope. > I believe that simply striking the text from "These > techniques include", through "to known attacks" would clarify > this paragraph greatly, without changing the intended meaning > in a significant way. > > I suggest this is an editorial change. I see your point about the tension between In scope section "Historical browsing information" and Out of scope section "Content based detection". I'm nervous about covering up this tension by making the section more vague about what it intends. Perhaps a better cut is distinguishing between known good content versus possibly bad content. For example, rephrasing: "These techniques include comparing the served URLs, graphics or markup to known legitimate sites, or to known attacks." to: "These techniques include comparing the served URLs, graphics or markup to known attacks." Tyler
Received on Tuesday, 10 April 2007 20:51:27 UTC