Re: Comments on the "new" 2518 -- XSS from Jason Crawford on 2006-03-22 (w3c-dist-auth@w3.org from January to March 2006)

From: Jason Crawford <nn683849@smallcue.com>
Date: Wed, 22 Mar 2006 01:23:41 -0500
To: w3c-dist-auth@w3.org
Cc:
Message-ID: <OF86DA0CE5.51938339-ON85257139.0021D684-85257139.002320CD@us.ibm.com>

On Tuesday, 03/21/2006 at 03:32 CET, Julian Reschke 
<nnjulian.reschke___at___gmx.de@smallcue.com> wrote:
> Hi,
> 
> I think that Kevin is correct that this is a new type of attack not
> discussed before, although I think it's misleading to call it an XSS 
attack.
> 
> I have opened a BugZilla issue for it
> (<http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=237>). Once we
> have consensus that this is a real problem, we need to discuss what to
> say in the Security Considerations section.

>From viruses, to spam, to copyrighted art,
to offensive material, this is a pervasive issue that
people should already be aware of.
I don't think WebDAV adds much new here and I don't think it's
necesary for the webdav spec to take responsibility for warning 
people about letting people or zombies put inappropriate content 
in public places. 

J.

Received on Wednesday, 22 March 2006 08:36:40 UTC