- From: Doyle, Bill <wdoyle@mitre.org>
- Date: Wed, 10 Oct 2007 12:09:08 -0400
- To: "Ian Fette" <ifette@google.com>, "Serge Egelman" <egelman@cs.cmu.edu>
- Cc: "Close, Tyler J." <tyler.close@hp.com>, <public-wsc-wg@w3.org>
- Message-ID: <518C60F36D5DBC489E91563736BA4B5801B2D6F6@IMCSRV5.MITRE.ORG>
Has this horse gotten back up? Two things 1. I agree with the comment that an unidentified site is different from identified site. User may consider identified site trusted. unidentified destination, installing. To me, the new use case seems like > identified source, identified destination (she goes to that site often), > installing 2. I agree with tylers note about installing when no user interaction takes place. > It doesn't fit into our current categorization of > Believing/Providing/Installing, since there is no user interaction, > so I've just marked it "No interaction" and left it out of the > category table. Bill ________________________________ From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Ian Fette Sent: Tuesday, October 09, 2007 9:17 PM To: Serge Egelman Cc: Close, Tyler J.; public-wsc-wg@w3.org Subject: Re: ISSUE-101 Create "visiting known site that is now malware" use case as per ACTION-275 Serge, this isn't the first time I'm mentioning the Vicki use case, and I have no idea what you're trying to show here. I said in my very first email about the issue back on 8/3 that "This is slightly different than use case 19." (use case 19 being the Vicki use case). The difference between this and the Vicki case is one of going to a new site vs going to a site with which you have a previous interaction. As such, I was merely pointing out that the two should probably be in the same general class of use cases in the document. On 10/9/07, Serge Egelman <egelman@cs.cmu.edu> wrote: Wait, are you saying that this new use case might overlap with an existing one? serge Ian Fette wrote: > I wonder if it doesn't fit with Installing? I.e. the Vicki use case > ("Vicki is interested in finding out more about art auctions in the > greater Boston area. She engages a search engine and tries to follow a > link there. Her web browser consults a reputation service which has > recorded that the link target will attempt to subvert the browser and > install malicious software.") is listed as identified source, > unidentified destination, installing. To me, the new use case seems like > identified source, identified destination (she goes to that site often), > installing. > > Although, to be honest, if someone disagrees it really doesn't matter to > me how it gets classified... it just seems to me that it's most similar > to the vicki case. > > -Ian > > On 10/9/07, *Close, Tyler J.* <tyler.close@hp.com > <mailto:tyler.close@hp.com>> wrote: > > This use case is now at: > > http://www.w3.org/2006/WSC/drafts/note/#any-iio-1 > < http://www.w3.org/2006/WSC/drafts/note/#any-iio-1 <http://www.w3.org/2006/WSC/drafts/note/#any-iio-1> > > > It doesn't fit into our current categorization of > Believing/Providing/Installing, since there is no user interaction, > so I've just marked it "No interaction" and left it out of the > category table. > > --Tyler > > ----------------------------------------------------------------------- - > *From:* public-wsc-wg-request@w3.org > <mailto:public-wsc-wg-request@w3.org> > [mailto:public-wsc-wg-request@w3.org > <mailto:public-wsc-wg-request@w3.org>] *On Behalf Of *Mary Ellen > Zurko > *Sent:* Friday, September 28, 2007 8:49 AM > *To:* public-wsc-wg@w3.org <mailto:public-wsc-wg@w3.org> > *Subject:* ISSUE-101 Create "visiting known site that is now > malware" use case as per ACTION-275 > > > After much discussion, and great work on the part of all > participants to craft the most acceptable proposal, we are > resolving this issue according to the results of the poll. > > The final proposal for the use case is: > > Betty tries to connect to a web site at > <_http://www.example.com/>._ < http://www.example.com/%3E.>She > visits this site frequently to read various news and articles. > Since her last visit, the site example.com <http://example.com> > has been compromised by some method, and visitors are now being > infected with malware. At the time of the current request, > Betty's user agent now has information saying that example.com > <http://example.com> is a known bad site. What interaction, if > any, should occur? > > The poll results are: > > Accept: 7 > (ian f, anil s, thomas r, johnathan n, dan s, audian p, phill h-b) > > Abstain: 3 > (jan vidar k, cristian s, rachna d) > > Against:: 2 > (tyler c, serge e) > > > Absent a material error in the count, I declare concensus on > this issue. The editors will add the use case to wsc-usecases, > and add Ian Fette to acknowlegements. > > > On a related note, I am sorry I was not around to give direct > feedback to people when the discussion tone occasionally slipped > out of the totally professional and respectful. I know everyone > is capable of engaged and even handed discussion, even when they > totally disagree with others, and that an occasional personal > and private reminder can go a long way towards halting any slips > that might occur. > > > -- /* Serge Egelman PhD Candidate Vice President for External Affairs, Graduate Student Assembly Carnegie Mellon University Legislative Concerns Chair National Association of Graduate-Professional Students */
Received on Wednesday, 10 October 2007 16:09:31 UTC