- From: Doyle, Bill <wdoyle@mitre.org>
- Date: Fri, 6 Jul 2007 13:23:31 -0400
- To: "Thomas Roessler" <tlr@w3.org>
- Cc: <public-wsc-wg@w3.org>
Thx, that works for me. I can then reference it.

Do we have an owner for section 5.7? Should I make a first pass at rewrite?

Cheers,
Bill D.
wdoyle@mitre.org

-----Original Message-----
From: Thomas Roessler [mailto:tlr@w3.org]
Sent: Friday, July 06, 2007 1:14 PM
To: Doyle, Bill
Cc: public-wsc-wg@w3.org
Subject: Re: Robustness - Review of note - do we need an assumption section?

On 2007-06-19 07:52:48 -0400, Doyle, Bill wrote:

> The WG knows that the user agent operates in a risk prone
> environment. We note items that are out of scope, but I don't see
> anything that states an expectation that the user agent requires
> a reliable platform.
> It is assumed that the user agent is operating on a
> platform that is functioning correctly. Since the web is a risk
> prone environment the user must take precautions implementing
> defense in depth techniques that include network, application and
> OS controls to ensure that the operating environment is reliable
> and will correctly interpret user and user agent requests.

That's, in fact, an excellent point. It's somewhat inherent to 5.7, where we declare "User agent exploits" out of scope. It might be useful to rephrase that section roughly in the way that you hint at, to be more explicit that this is actually a generic assumption that we make, as opposed to a somewhat informal remark about certain attacks.

Regards,
--
Thomas Roessler, W3C <tlr@w3.org>

Received on Friday, 6 July 2007 17:23:38 UTC