- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 12 Sep 2007 18:40:50 +0200
- To: ifette@google.com, tyler.close@hp.com
- Cc: WSC WG <public-wsc-wg@w3.org>
Thanks Ian.

As it looks like I'll be chairing the next call, here's what I plan to do about this issue:

- Please post any alternative proposals to the list *this* week.
- If there are several proposals, I'd appreciate discussion and refinement by e-mail on the list.
- If there is only one proposal, we'll have a rather short discussion (if any) on the call, and then see what the level of support and objection is.

Regards,
--
Thomas Roessler, W3C <tlr@w3.org>

On 2007-09-11 14:31:23 -0700, Ian Fette wrote:

> Well, although consensus was declared, in subsequent meetings
> we've been going back and forth about this use case. Two main
> comments were raised - one is that the use case was too specific
> re: blacklisting (i.e. supposing the existence of a particular
> technology or method). This is probably a valid concern and as I
> said I'm happy to re-write the use case to address that concern.
> A second concern was seemingly deeper, more fundamental, raised
> by Tyler in the call and in multiple emails (I don't think I can
> really re-state it in a way that everyone would agree with, so I
> will simply say that there were other concerns raised by Tyler
> and leave it there).
>
> At the last meeting (or last-1?) there was a straw poll done to see
> how people felt about including the use case that has become Issue
> 101. (This is the malware use-case). It was a bunch of "Yes" and
> "Don't care"'s with one No. I'd really like to come to a point where
> we can move on.
>
> The original use case proposed was this:
>
> Betty tries to connect to a web site at <http://www.example.com/>. She
> visits this site frequently to read various news and articles. Since
> her last visit, the site example.com has been compromised by some
> method, and visitors are now being infected with malware. A blacklist
> used by her user agent has since listed example.com as a known bad
> site, what warnings should Betty be presented with?
>
> Destination Site
> - Known, Prior visit
> Navigation
> - any
> Intended interaction
> - Information retrieval
> Actual interaction
> - software installation
> Note
>
> - This is slightly different than use case 19. It still deals with how
> to present results obtained from reputation services, but in the case
> of a user returning to a site that they believe to be "good" when that
> site is now believed to be compromised.
>
> I'm happy to change it to the following if it would make people happier:
>
> Betty tries to connect to a web site at <http://www.example.com/>. She
> visits this site frequently to read various news and articles. Since
> her last visit, the site example.com has been compromised by some
> method, and visitors are now being infected with malware. At the time
> of the current request, Betty's user agent now has information saying
> that example.com is a known bad site. What warnings should Betty be
> presented with?
>
> Destination Site
> - Known, Prior visit
> Navigation
> - any
> Intended interaction
> - Information retrieval
> Actual interaction
> - software installation
> Note
> - This is slightly different than use case 19. It still deals with how
> to present results obtained from reputation services, but in the case
> of a user returning to a site that they believe to be "good" when that
> site is now believed to be compromised.
>
> This doesn't specifically mention blacklist, domain reputation
> services, anything like that - it's just saying that the browser
> somehow knows it's now a site that if Betty visits, bad things will
> happen.
>
> Do people prefer this new version? Or, more importantly, will this new
> version change anyone's [tyler] votes? Can we move on?
>
> -Ian
>
> On 8/24/07, Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com> wrote:
> >
> > http://www.w3.org/2006/WSC/track/issues/101
> >
> > Over a week. I declare consensus.
> >
> > Tyler, please fold in.
> >
> > Please also add Ian's name to the acknowledgements.
> >
> > Mez
> >
> > Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389)
> > Lotus/WPLC Security Strategy and Patent Innovation Architect

Received on Wednesday, 12 September 2007 16:40:56 UTC