IETF Logo Mail Archive

Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard

Dave Crocker <dhc@dcrocker.net> Tue, 28 October 2014 02:13 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CD481A8776 for <ietf@ietfa.amsl.com>; Mon, 27 Oct 2014 19:13:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fQ0iUibb5RKV for <ietf@ietfa.amsl.com>; Mon, 27 Oct 2014 19:13:37 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A0811A87C3 for <ietf@ietf.org>; Mon, 27 Oct 2014 19:13:37 -0700 (PDT)
Received: from [192.168.1.66] (76-218-8-156.lightspeed.sntcca.sbcglobal.net [76.218.8.156]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id s9S2DWw8017424 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 27 Oct 2014 19:13:35 -0700
Message-ID: <544EFBC2.5070402@dcrocker.net>
Date: Mon, 27 Oct 2014 19:13:22 -0700
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard
References: <20141028004920.51745.qmail@ary.lan> <544EF0A4.7090609@gmail.com>
In-Reply-To: <544EF0A4.7090609@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Mon, 27 Oct 2014 19:13:35 -0700 (PDT)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/FmS56C0lBCEegYYe2ohgi7A8M2o
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Oct 2014 02:13:45 -0000

On 10/27/2014 6:25 PM, Brian E Carpenter wrote:
> Yes, of course, but now they could automatically persuade a
> browser itself that they conform to the IETF RFC7xxx standard
> for safe browsing. Maybe the browser could display a little
> "figleaf" icon just like the little "padlock" icon.


"persuade a browser itself" has nothing to do with the current proposal,
since the current proposal stops with making a request to the server.

So there is no model for communicating back to the browser that content
is safe or not, nevermind for communicating up to the user.

Hence this concern is another case of extrapolating far beyond the
current specification, constructing a strawman, and then using it to
argue against the actual proposal.

It would be particularly foolish for a browser to attach a
safety-related icon when there is no safe 'mode' acknowledged by the
server.  And it would be foolish to pursue such an acknowledgement for
the current proposal, since it is seeking a far simpler and more narrow
scope.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email