CT Guidelines Version 1u


by Jo Rabin-2

Hi

I have enacted the resolutions taken on yesterday's call in the newly
released version of this document [1]. ACTION-1011, ACTION-1012,
ACTION-1013, ACTION-1014 refer.

[1]
http://www.w3.org/2005/MWI/BPWG/Group/TaskForces/CT/editors-drafts/Guidelines/090923

A reminder that we plan to take a resolution on next week's call to
request elevation to Last Call unless there are any show-stoppers in
between.

Thanks
Jo


Re: CT Guidelines Version 1u

by Eduardo Casais

All right, let us nail down the decisions from the last
teleconference. The text of CT 1u is:
-----
H.1.2 Use of HTTP 403 Status

Servers should consider using an HTTP 403 Status if
concerned that the security of a link that it assumed to
be private has been compromised (for example as a
result of the presence of a Via HTTP header in an
HTTPS request).
-----
The sentence is to be grammatically (first part), formally (HTTP header field), and semantically (Via fields do not
cause security issues, they reveal them) corrected to:
-----
Servers should consider using an HTTP 403 Status if concerned that the security of a link assumed to be
private has been compromised (for example, the lack of
privacy may be inferred from the presence of a Via HTTP
header field in an HTTPS request).
-----


E.Casais
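
The server behaviour that H.1.2 describes, sketched as WSGI middleware. This is an added example, not part of the guidelines or of either message. It assumes the application sees the client's TLS connection directly, so that any Via header field comes from an intermediary outside the site's own infrastructure; the names `RejectInterceptedHTTPS`, `via_hops`, `private_app` and `status_for` are hypothetical.

```python
# Added example, not part of the CT Guidelines or the original messages.
import re

def via_hops(value):
    """Return the received-by token of each element in a Via field value."""
    no_comments = re.sub(r"\([^()]*\)", "", value)  # drop "(...)" comments first
    hops = []
    for element in no_comments.split(","):
        tokens = element.split()
        if len(tokens) >= 2:          # received-protocol, then received-by
            hops.append(tokens[1])
    return hops

class RejectInterceptedHTTPS:
    """WSGI middleware: answer 403 when an HTTPS request carries a Via field."""

    def __init__(self, app, audit=None):
        self.app = app
        self.audit = audit if audit is not None else []  # hypothetical audit sink

    def __call__(self, environ, start_response):
        via = environ.get("HTTP_VIA", "").strip()
        if environ.get("wsgi.url_scheme") == "https" and via:
            # The Via field reveals that the link is not private end to end.
            self.audit.append(via_hops(via))
            body = b"Forbidden: an intermediary was detected on this HTTPS link.\n"
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain; charset=utf-8"),
                ("Content-Length", str(len(body))),
                ("Cache-Control", "no-store"),
            ])
            return [body]
        return self.app(environ, start_response)

def private_app(environ, start_response):  # stand-in for the protected resource
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"private data\n"]

def status_for(scheme, via=None):
    """Run one constructed request through the middleware; return its status."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "wsgi.url_scheme": scheme}
    if via is not None:
        environ["HTTP_VIA"] = via
    seen = []
    app = RejectInterceptedHTTPS(private_app)
    list(app(environ, lambda status, headers: seen.append(status)))
    return seen[0]
```

Where TLS terminates at the site's own reverse proxy and that proxy adds a Via field, its entry has to be excluded before the check.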