- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Mon, 22 Sep 2008 17:05:28 -0400
- To: Hirsch Frederick (Nokia-OCTO/Boston) <Frederick.Hirsch@nokia.com>
- Cc: XMLSec WG Public List <public-xmlsec@w3.org>
> Section 1, Overview
>
> Both paragraphs say essentially the same thing. I suggest removing
> the first paragraph, as the 2nd one contains useful links.

With this change (removing the first paragraph) I suggest changing the second paragraph to add "and the XML Security WG" after "Maintenance WG" and adding links to the homepage for each. I also suggest changing "signing xml" to "signing XML".

---
context:

XML Security Specifications Maintenance WG as well as items brought to the attention of the community in a Workshop on Next Steps for XML Security[XMLSecNextSteps]. While most of these best practices are related to mitigating attacks, some are for other issues - e.g. signing xml that doesn't use namespaces.
---

> Section 2.1.4, 4th paragraph, last sentence:
> "Retrieval of remote references may also leak information about the
> verifiers of a message, as with a "web bug"."
>
> There are not enough details as to what a "web bug" is and what the
> threat is. I suggest removing it or adding more explanation.

I suggest we change ' "web bug". ' to ' "web bug" , content that causes access to the server, resulting in notification being provided to the server regarding the web page access. An example is an image that cannot be seen but results in a server access. [WebBug- Wikipedia]. '

http://en.wikipedia.org/wiki/Web_bug

regards, Frederick

Frederick Hirsch
Nokia

On Sep 19, 2008, at 11:15 AM, Hirsch Frederick (Nokia-OCTO/Boston) wrote:

> resend to public list, please follow-up on public list.
>
> Begin forwarded message:
>
>> Resent-From: member-xmlsec@w3.org
>> From: "ext Sean Mullan" <Sean.Mullan@Sun.COM>
>> Date: September 17, 2008 4:06:11 PM EDT
>> To: "member-xmlsec@w3.org" <member-xmlsec@w3.org>
>> Subject: A couple of comments on Best Practices doc
>>
>>
>> Section 1, Overview
>>
>> Both paragraphs say essentially the same thing. I suggest removing
>> the first paragraph, as the 2nd one contains useful links.
>>
>> Section 2.1.4, 4th paragraph, last sentence:
>>
>> "Retrieval of remote references may also leak information about the
>> verifiers of a message, as with a "web bug"."
>>
>> There are not enough details as to what a "web bug" is and what the
>> threat is. I suggest removing it or adding more explanation.
>>
>> --Sean
>>
>>
>
Received on Monday, 22 September 2008 21:14:39 UTC