- From: Noah Mendelsohn <nrm@arcanedomain.com>
- Date: Tue, 01 Mar 2011 14:37:02 -0500
- To: Jonathan Rees <jar@creativecommons.org>
- CC: "www-tag@w3.org" <www-tag@w3.org>

On 3/1/2011 2:06 PM, Jonathan Rees wrote:

> Until now the browser has been a user-agent, acting on
> the user's behalf. This is true even when CORS is added. If I
> understand it correctly, this proposal enlists the browser as a
> server-agent as well, rather like DRM.

That's an interesting point, but I don't think the history is quite as clear as you imply. In many traditional Web interaction scenarios, the server depends, at least to some degree, on the correctness and good faith of the client. For example, is it really only the user who cares that certificates are checked when https-scheme URIs are dereferenced? Clearly, any sufficiently knowledgeable user would care, but so might my bank, which might otherwise be somewhat more vulnerable to man-in-the-middle attacks, I think. In that case, I think both the user and (the application at) the server care.

Noah

Received on Tuesday, 1 March 2011 19:37:33 UTC