Re: Security


From: Matt Curtin (cmcurtin@interhack.net)
Date: Wed Mar 14 2001 - 08:06:31 CST


>>>>> "Charles" == Charles Lindsey <chl@clw.cs.man.ac.uk> writes:

>> Please completely take out crosspostings from that part.

  Charles> OK, does anyone else want me to remove those words?

I'd prefer them not to be there, but I won't make a big stink if they
stay. I think it's generally important to be as precise as possible
with our wording and not to endorse any "distortion" of meaning by
using a specific term in a more general sense. If we're talking about
the general, we should use a general term; specifics should be
specific. :-)

I am often accused of being a pedant.

  Charles> "It is recommended that reading agents do not enable the
  Charles> execution of such code (since it is extremely unlikely to
  Charles> have a valid application within Netnews) and that they only
  Charles> honour URLs referring to other parts of the same article."

This advice is probably good, but I can envision some cases where the
advice might be worth breaking. Imagine a client that can discern
levels of trustworthiness. If some authentication mechanism is
present, the external URLs might be worth following without further
ado; without authentication present, external URLs might be worth
following only after confirmation from the user; et cetera...

Maybe "better" wording would be "not to honour blindly URLs external
to the current article" or something similar. Actually, I can think
of a bunch of different things that seem kind of relevant, but are
getting way outside of the scope of news, at least as the core
specification. I wonder if it's worth having a completely separate
document that deals in general with trustworthiness, execution of
code, etc., on the Net. Could something like that help to clean this
section up, or at least help to clarify what we're talking about here
without specifying all of this stuff in a news standard?

-- 
Matt Curtin, Founder   Interhack Corporation   http://www.interhack.net/
"Building the Internet, Securely."   research | development | consulting

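Added example, not part of the original message or of the draft under discussion: a Python sketch of the tiered URL policy the message describes, where same-article references are honoured, external URLs depend on authentication, and code is never executed. The `authenticated` flag, the use of `cid:` URLs and bare fragments as "other parts of the same article", and the list of code-carrying schemes are all assumptions.

```python
from enum import Enum
from urllib.parse import urlsplit, unquote


class Action(Enum):
    HONOUR = "honour"    # follow without further ado
    CONFIRM = "confirm"  # follow only after the user confirms
    REFUSE = "refuse"    # never act on it


# Assumed list: schemes whose dereference means running or rendering
# sender-supplied code inside the reading agent.
CODE_SCHEMES = {"javascript", "vbscript", "data"}


def url_policy(url, article_content_ids, authenticated):
    """Decide how a reading agent treats a URL found in an article.

    article_content_ids: Content-ID values of the parts of this article.
    authenticated: hypothetical flag, True when the article passed
                   whatever authentication mechanism the client has.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()

    # Executable content is refused regardless of trust level.
    if scheme in CODE_SCHEMES:
        return Action.REFUSE

    # A bare fragment points inside the part being displayed.
    if not scheme and not parts.netloc and not parts.path and parts.fragment:
        return Action.HONOUR

    # cid: names another body part; honour it only if this article
    # really contains that part, otherwise there is nothing to resolve.
    if scheme == "cid":
        cid = unquote(parts.path)
        return Action.HONOUR if cid in article_content_ids else Action.REFUSE

    # Everything else is external to the article: trust decides.
    return Action.HONOUR if authenticated else Action.CONFIRM


if __name__ == "__main__":
    ids = {"part1@example.invalid"}  # constructed sample Content-ID
    for u in ("cid:part1@example.invalid", "http://www.example.invalid/x"):
        print(u, url_policy(u, ids, authenticated=False).value)
```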



This archive was generated by hypermail 2b29.