- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Wed, 10 Oct 2007 12:19:25 -0400
- To: wdoyle@mitre.org
- Cc: public-wsc-wg@w3.org
- Message-ID: <OFE6BBA0F0.90F06C69-ON85257370.005985D5-85257370.0059AB74@LocalDomain>
No, the horse is dead. But people can talk about it if they insist. It
will not resuscitate the horse. The best way to treat a dead horse is to
leave him in peace. But I understand that sometimes eulogies are
unavoidable.
Mez
RE: ISSUE-101 Create "visiting known site that is now malware" use case as
per ACTION-275
Doyle, Bill
to:
Ian Fette, Serge Egelman
10/10/2007 12:13 PM
Sent by:
public-wsc-wg-request@w3.org
Cc:
"Close, Tyler J.", public-wsc-wg
Has this horse gotten back up?
Two things
1. I agree with the comment that an unidentified site is different from
identified site. User may consider identified site trusted.
unidentified destination, installing. To me, the new use case seems like
> identified source, identified destination (she goes to that site often),
> installing
2. I agree with tylers note about installing when no user interaction
takes place.
> It doesn't fit into our current categorization of
> Believing/Providing/Installing, since there is no user interaction,
> so I've just marked it "No interaction" and left it out of the
> category table.
Bill
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org]
On Behalf Of Ian Fette
Sent: Tuesday, October 09, 2007 9:17 PM
To: Serge Egelman
Cc: Close, Tyler J.; public-wsc-wg@w3.org
Subject: Re: ISSUE-101 Create "visiting known site that is now malware"
use case as per ACTION-275
Serge, this isn't the first time I'm mentioning the Vicki use case, and I
have no idea what you're trying to show here. I said in my very first
email about the issue back on 8/3 that "This is slightly different than
use case 19." (use case 19 being the Vicki use case). The difference
between this and the Vicki case is one of going to a new site vs going to
a site with which you have a previous interaction. As such, I was merely
pointing out that the two should probably be in the same general class of
use cases in the document.
On 10/9/07, Serge Egelman <egelman@cs.cmu.edu> wrote:
Wait, are you saying that this new use case might overlap with an
existing one?
serge
Ian Fette wrote:
> I wonder if it doesn't fit with Installing? I.e. the Vicki use case
> ("Vicki is interested in finding out more about art auctions in the
> greater Boston area. She engages a search engine and tries to follow a
> link there. Her web browser consults a reputation service which has
> recorded that the link target will attempt to subvert the browser and
> install malicious software.") is listed as identified source,
> unidentified destination, installing. To me, the new use case seems like
> identified source, identified destination (she goes to that site often),
> installing.
>
> Although, to be honest, if someone disagrees it really doesn't matter to
> me how it gets classified... it just seems to me that it's most similar
> to the vicki case.
>
> -Ian
>
> On 10/9/07, *Close, Tyler J.* <tyler.close@hp.com
> <mailto:tyler.close@hp.com>> wrote:
>
> This use case is now at:
>
> http://www.w3.org/2006/WSC/drafts/note/#any-iio-1
> < http://www.w3.org/2006/WSC/drafts/note/#any-iio-1>
>
> It doesn't fit into our current categorization of
> Believing/Providing/Installing, since there is no user interaction,
> so I've just marked it "No interaction" and left it out of the
> category table.
>
> --Tyler
>
> ------------------------------------------------------------------------
> *From:* public-wsc-wg-request@w3.org
> <mailto:public-wsc-wg-request@w3.org>
> [mailto:public-wsc-wg-request@w3.org
> <mailto:public-wsc-wg-request@w3.org>] *On Behalf Of *Mary Ellen
> Zurko
> *Sent:* Friday, September 28, 2007 8:49 AM
> *To:* public-wsc-wg@w3.org <mailto:public-wsc-wg@w3.org>
> *Subject:* ISSUE-101 Create "visiting known site that is now
> malware" use case as per ACTION-275
>
>
> After much discussion, and great work on the part of all
> participants to craft the most acceptable proposal, we are
> resolving this issue according to the results of the poll.
>
> The final proposal for the use case is:
>
> Betty tries to connect to a web site at
> <_http://www.example.com/>._ < http://www.example.com/%3E.>She
> visits this site frequently to read various news and articles.
> Since her last visit, the site example.com <http://example.com>
> has been compromised by some method, and visitors are now being
> infected with malware. At the time of the current request,
> Betty's user agent now has information saying that example.com
> <http://example.com> is a known bad site. What interaction, if
> any, should occur?
>
> The poll results are:
>
> Accept: 7
> (ian f, anil s, thomas r, johnathan n, dan s, audian p, phill
h-b)
>
> Abstain: 3
> (jan vidar k, cristian s, rachna d)
>
> Against:: 2
> (tyler c, serge e)
>
>
> Absent a material error in the count, I declare concensus on
> this issue. The editors will add the use case to wsc-usecases,
> and add Ian Fette to acknowlegements.
>
>
> On a related note, I am sorry I was not around to give direct
> feedback to people when the discussion tone occasionally slipped
> out of the totally professional and respectful. I know everyone
> is capable of engaged and even handed discussion, even when they
> totally disagree with others, and that an occasional personal
> and private reminder can go a long way towards halting any slips
> that might occur.
>
>
>
--
/*
Serge Egelman
PhD Candidate
Vice President for External Affairs, Graduate Student Assembly
Carnegie Mellon University
Legislative Concerns Chair
National Association of Graduate-Professional Students
*/
Received on Wednesday, 10 October 2007 16:19:42 UTC