Re: [metadataInURI-31] Near Final Draft of The Use of Metadata In URIs from Dan Connolly on 2006-12-05 (www-tag@w3.org from December 2006)

From: Dan Connolly <connolly@w3.org>
Date: Tue, 05 Dec 2006 17:39:34 -0600
To: noah_mendelsohn@us.ibm.com
Cc: www-tag@w3.org, Ed Rice <ed.rice@hp.com>
Message-Id: <1165361974.4211.73.camel@dirk>

On Mon, 2006-12-04 at 20:19 -0500, noah_mendelsohn@us.ibm.com wrote:
> 
> On the TAG telconferece of 14 Nov. 2006 it was agreed that I would
> make one more revision to section 2.8 on Confusing or malicious
> metadata in the draft TAG finding on The Use of Metadata In URIs.
>  That work is done, and I am pleased to make available what I hope is
> a nearly final draft of this finding [2,3].  From the status section: 
> 
> "This version reflects proposed resolutions to all issues that the
> editors expect to address prior to publication as a TAG finding.
> Although a few revisions in response to recent comments are included
> throughout the finding, the only major changes are in the section 2.8
> Confusing or malicious metadata, which has been changed to reflect the
> direction suggested during the TAG's Teleconference of 14 November
> 2006. The Good Practice Note on use of operating system filenameshas
> also been revised to match the text suggested during that
> teleconference. " 
> 
> For the previous draft, we identified Ed and Dan as reviewers, so I
> expect that at least they will want to take a look before we formally
> approve. 

I'm looking at section 2.8 Confusing or malicious metadata.

It looks good.

3rd time's the charm. ;-)
(hmm... the long list under "Previous versions" suggests N>3 ;-)

To prove that I actually read it, a nit:

"Although naming an image/jpeg file with a URI ending in .exe is not
prohibited by Web architecture, doing so with the intention to deceive
users or to compromise their systems is of course not acceptable."

Maybe "... is of course malicious." Somehow "not acceptable"
doesn't seem right.

And under
"Indeed, many modern browsers suggest a name such as moviestar.exe.jpeg
when saving the example file above."

perhaps cite the bulletin
  http://www.microsoft.com/technet/security/Bulletin/MS01-058.mspx





> [1] http://www.w3.org/2001/tag/2006/11/14-tagmem-minutes#item02 
> [2] http://www.w3.org/2001/tag/doc/metaDataInURI-31.html
> [3] http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061204.html
> 
> 
> --------------------------------------
> Noah Mendelsohn 
> IBM Corporation
> One Rogers Street
> Cambridge, MA 02142
> 1-617-693-4036
> --------------------------------------
> 
> 
> 
-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E

Received on Tuesday, 5 December 2006 23:39:44 UTC