- From: Thomas Roessler <tlr@w3.org>
- Date: Fri, 6 Jul 2007 19:13:55 +0200
- To: "Doyle, Bill" <wdoyle@mitre.org>
- Cc: public-wsc-wg@w3.org
On 2007-06-19 07:52:48 -0400, Doyle, Bill wrote: > The WG knows that the user agent operates in a risk prone > environment. We note items that are out of scope, but I don't see > anything that states an expectation that the user agent requires > a reliable platform. > It is assumed that is that the user agent is operating on a > platform that is functioning correctly. Since the web is a risk > prone environment the user must take precautions implementing > defense in depth techniques that include network, application and > OS controls to ensure that the operating environment is reliable > and will correctly interpret user and user agent requests. That's, in fact, an excellent point. It's somewhat inherent to 5.7, where we declare "User agent exploits" out of scope. It might be useful to rephrase that section roughly in the way that you hint at, to be more explicit that this is actually a generic assumption that we make, as opposed to a somewhat informal remark about certain attacks. Regards, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Friday, 6 July 2007 17:14:00 UTC