W3C home > Mailing lists > Public > www-tag@w3.org > October 2006

[metadataInURI-31] New draft of metadata in URI finding includes section on malicious metadata

From: <noah_mendelsohn@us.ibm.com>
Date: Sun, 1 Oct 2006 11:48:42 -0400
To: www-tag@w3.org
Cc: Stuart Williams <skw@hp.com>
Message-ID: <OF3F929447.D084AEF3-ON852571FA.00561538-852571FA.0056DC92@lotus.com>

I am pleased to announce the availability of a new draft of the finding: 
"The use of Metadata in URIs" [1,2,3,].  The principle change is the 
addition of a section [4] on malicious metadata, using an example of a 
site serving a URI ending in ".jpeg" with a representation that is a 
malicious executable.  There are a few other changes, primarily as 
promised in response to comments made by Stuart Williams and David Booth. 
[5].  While it would probably be prudent for at least one other TAG member 
to do an end-to-end check before we publish, I think most reviewers will 
do fine if they focus on the new section at [4], and perhaps quickly 
review my response to Stuart at [5].

Although comments on TAG findings are always welcome, I should point out 
that the TAG has as early as June signaled its intention to publish this 
one, albeit now with the new section if it meets with approval.  Clearly 
review of of the recent changes is in order before we publish,  but there 
is a good chance that comments on other aspects of the finding will be 
queued for consideration should we later wish to republish.  In short, I 
think it's about time to ship this.

Thank you!


[1] http://www.w3.org/2001/tag/doc/metaDataInURI-31
[2] http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061001.html
[3] http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061001.xml
[5] http://lists.w3.org/Archives/Public/www-tag/2006Sep/0110.html

Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142
Received on Sunday, 1 October 2006 15:48:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:13 UTC