RE: ISSUE-101 Create "visiting known site that is now malware" use case as per ACTION-275

Has this horse gotten back up? 
 
Two things
 
1. I agree with the comment that an unidentified site is different from
identified site. User may consider identified site trusted.
 
unidentified destination, installing. To me, the new use case seems
like
> identified source, identified destination (she goes to that site
often), 
> installing
 
2. I agree with tylers note about installing when no user interaction
takes place.
 
>     It doesn't fit into our current categorization of
>     Believing/Providing/Installing, since there is no user
interaction,
>     so I've just marked it "No interaction" and left it out of the 
>     category table.

Bill
 
 
 

________________________________

From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org] On Behalf Of Ian Fette
Sent: Tuesday, October 09, 2007 9:17 PM
To: Serge Egelman
Cc: Close, Tyler J.; public-wsc-wg@w3.org
Subject: Re: ISSUE-101 Create "visiting known site that is now malware"
use case as per ACTION-275



	Serge, this isn't the first time I'm mentioning the Vicki use
case, and I have no idea what you're trying to show here. I said in my
very first email about the issue back on 8/3 that "This is slightly
different than use case 19." (use case 19 being the Vicki use case).
The difference between this and the Vicki case is one of going to a new
site vs going to a site with which you have a previous interaction. As
such, I was merely pointing out that the two should probably be in the
same general class of use cases in the document. 
	
	
	On 10/9/07, Serge Egelman <egelman@cs.cmu.edu> wrote: 

		Wait, are you saying that this new use case might
overlap with an
		existing one?
		
		serge
		
		Ian Fette wrote:
		> I wonder if it doesn't fit with Installing? I.e. the
Vicki use case
		> ("Vicki is interested in finding out more about art
auctions in the 
		> greater Boston area. She engages a search engine and
tries to follow a
		> link there. Her web browser consults a reputation
service which has
		> recorded that the link target will attempt to subvert
the browser and 
		> install malicious software.") is listed as identified
source,
		> unidentified destination, installing. To me, the new
use case seems like
		> identified source, identified destination (she goes
to that site often), 
		> installing.
		>
		> Although, to be honest, if someone disagrees it
really doesn't matter to
		> me how it gets classified... it just seems to me that
it's most similar
		> to the vicki case. 
		>
		> -Ian
		>
		> On 10/9/07, *Close, Tyler J.* <tyler.close@hp.com
		> <mailto:tyler.close@hp.com>> wrote: 
		>
		>     This use case is now at:
		>
		>     http://www.w3.org/2006/WSC/drafts/note/#any-iio-1
		>     <
http://www.w3.org/2006/WSC/drafts/note/#any-iio-1
<http://www.w3.org/2006/WSC/drafts/note/#any-iio-1> >
		>
		>     It doesn't fit into our current categorization of
		>     Believing/Providing/Installing, since there is no
user interaction,
		>     so I've just marked it "No interaction" and left
it out of the 
		>     category table.
		>
		>     --Tyler
		>
		>
-----------------------------------------------------------------------
-
		>         *From:* public-wsc-wg-request@w3.org
		>         <mailto:public-wsc-wg-request@w3.org>
		>         [mailto:public-wsc-wg-request@w3.org 
		>         <mailto:public-wsc-wg-request@w3.org>] *On
Behalf Of *Mary Ellen
		>         Zurko
		>         *Sent:* Friday, September 28, 2007 8:49 AM 
		>         *To:* public-wsc-wg@w3.org
<mailto:public-wsc-wg@w3.org>
		>         *Subject:* ISSUE-101 Create "visiting known
site that is now 
		>         malware" use case as per ACTION-275
		>
		>
		>         After much discussion, and great work on the
part of all
		>         participants to craft the most acceptable
proposal, we are 
		>         resolving this issue according to the results
of the poll.
		>
		>         The final proposal for the use case is:
		>
		>         Betty tries to connect to a web site at
		>         <_http://www.example.com/>._ <
http://www.example.com/%3E.>She
		>         visits this site frequently to read various
news and articles.
		>         Since her last visit, the site example.com
<http://example.com>
		>         has been compromised by some method, and
visitors are now being
		>         infected with malware. At the time of the
current request, 
		>         Betty's user agent now has information saying
that example.com
		>         <http://example.com> is a known bad site.
What interaction, if 
		>         any, should occur?
		>
		>         The poll results are:
		>
		>         Accept: 7
		>         (ian f, anil s, thomas r, johnathan n, dan s,
audian p, phill h-b)
		>
		>         Abstain: 3 
		>         (jan vidar k, cristian s, rachna d)
		>
		>         Against:: 2
		>         (tyler c, serge e)
		>
		>
		>         Absent a material error in the count, I
declare concensus on
		>         this issue. The editors will add the use case
to wsc-usecases, 
		>         and add Ian Fette to acknowlegements.
		>
		>
		>         On a related note, I am sorry I was not
around to give direct
		>         feedback to people when the discussion tone
occasionally slipped 
		>         out of the totally professional and
respectful. I know everyone
		>         is capable of engaged and even handed
discussion, even when they
		>         totally disagree with others, and that an
occasional personal 
		>         and private reminder can go a long way
towards halting any slips
		>         that might occur.
		>
		>
		>
		
		--
		/*
		Serge Egelman
		
		PhD Candidate
		Vice President for External Affairs, Graduate Student
Assembly 
		Carnegie Mellon University
		
		Legislative Concerns Chair
		National Association of Graduate-Professional Students
		*/
		

Received on Wednesday, 10 October 2007 16:09:31 UTC