- From: Booth, David (HP Software - Boston) <dbooth@hp.com>
- Date: Mon, 2 Oct 2006 10:22:00 -0400
- To: <noah_mendelsohn@us.ibm.com>, <www-tag@w3.org>
Noah, Excellent addition (malicious metadata). I don't want to delay publication, but there is one little phrasing that worries me. Section 2.8 says: "Thus, the primary fault in this scenario rests with the web site administrators who served an executable that was intended to damage Bob's machine". But section 3 says: "In other cases, users are responsible for the consequences of any incorrect inferences." I would not want someone to use that last sentence as justification for something misleading. As it stands, it's a bit of a mixed message. How about rephrasing that sentence, perhaps like: "In other cases, users should be aware that their inferences may be incorrect and the effect could be malicious." David Booth, Ph.D. HP Software dbooth@hp.com Phone: +1 617 629 8881 > -----Original Message----- > From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] > On Behalf Of Rice, Ed (ProCurve) > Sent: Sunday, October 01, 2006 11:26 PM > To: noah_mendelsohn@us.ibm.com; www-tag@w3.org > Cc: Williams, Stuart (HP Labs, Bristol) > Subject: RE: [metadataInURI-31] New draft of metadata in URI > finding includes section on malicious metadata > > > Hi Noah, > > I reviewed the document and am happy with the explanation. Thanks for > adding that section. > > I'd say its good to publish :) > _Ed > > > -----Original Message----- > From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] On Behalf > Of noah_mendelsohn@us.ibm.com > Sent: Sunday, October 01, 2006 8:49 AM > To: www-tag@w3.org > Cc: Williams, Stuart (HP Labs, Bristol) > Subject: [metadataInURI-31] New draft of metadata in URI finding > includes section on malicious metadata > > > I am pleased to announce the availability of a new draft of > the finding: > > "The use of Metadata in URIs" [1,2,3,]. The principle change is the > addition of a section [4] on malicious metadata, using an example of a > site serving a URI ending in ".jpeg" with a representation that is a > malicious executable. There are a few other changes, primarily as > promised in response to comments made by Stuart Williams and David > Booth. > [5]. While it would probably be prudent for at least one other TAG > member to do an end-to-end check before we publish, I think most > reviewers will do fine if they focus on the new section at [4], and > perhaps quickly review my response to Stuart at [5]. > > Although comments on TAG findings are always welcome, I > should point out > that the TAG has as early as June signaled its intention to > publish this > one, albeit now with the new section if it meets with > approval. Clearly > review of of the recent changes is in order before we publish, but > there is a good chance that comments on other aspects of the finding > will be queued for consideration should we later wish to > republish. In > short, I think it's about time to ship this. > > Thank you! > > Noah > > [1] http://www.w3.org/2001/tag/doc/metaDataInURI-31 > [2] http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061001.html > [3] http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061001.xml > [4] > http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061001.html# > malicious > [5] http://lists.w3.org/Archives/Public/www-tag/2006Sep/0110.html > > -------------------------------------- > Noah Mendelsohn > IBM Corporation > One Rogers Street > Cambridge, MA 02142 > 1-617-693-4036 > -------------------------------------- > > > > > > >
Received on Monday, 2 October 2006 14:31:29 UTC