- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 4 Nov 2004 02:03:39 +0000 (UTC)
- To: Peter Sorotokin <psorotok@adobe.com>
- Cc: www-svg@w3.org
On Wed, 3 Nov 2004, Peter Sorotokin wrote: > > Most secure UAs can block these connections (or require user to approve > it for a specific host, verify signatures, etc.). We are not imposing > our security model on UAs, we just outlining baseline expectations. The point is that once you've implemented this securely, it becomes less useful than URLRequest, since it can only access HTTP ports, but doesn't do HTTP. It seems bad to have a feature that is only useful if implemented in insecure ways. If the use case is only for secured networks, then it shouldn't be in a W3C spec (W3C specs being, by definition, designed for the Web). -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 4 November 2004 02:03:41 UTC