Re: ISSUE-101: Create "visiting known site that is now malware" use case as per ACTION-275 [Note: use cases etc.]

On 9/13/07, Close, Tyler J. <tyler.close@hp.com> wrote:
>
>
>
> Hi Ian,
>
> Ian Fette wrote:
> > The use cases say "This is something we should consider looking at."
>
> Perhaps that's the core of our disagreement. The use-cases are *not* the
> proposals we will consider. The use-cases are the tests we will consider
> when judging proposals. My PII bar proposal is a recommendation
> proposal, not a use case. You are currently proposing a use-case, a way
> of testing proposals. I suggest you instead make a recommendation
> proposal.
>
> Please consider the difference between a test and the thing being
> tested. I hope you will then reconsider the statements you made in the
> rest of your email.
>
> --Tyler


I agree that "blacklisting" is a recommendation proposal.  But Ian's
description might be generalized to be a use-case, rather than a proposal.
For example, take these 3 made up recommendation proposals:

1. An interface allows users to whitelist trusted sites
2. The user agent only allows the user to visit a list of trusted sites that
have been vetted by some third party service
3. An indicator conveys trust depending on the user's history (for example,
a site might accrue trust as the user frequents it and display a warning if
it is a first time visit).

Now, what should happen when a site which was once trustworthy becomes
non-trustworthy?  I think that this scenario applies to any recommendation
proposal that attempts to convey a site's reputation to the user.

I anticipate that we will eventually need a proposal that discusses how
various proposals can or can not interact with each other (e.g., if you are
using a whitelist and blacklist indicator in conjunction, which should take
precedence if they convey conflicting information?).

Rachna