On Thu, 7 Feb 2002, Patrik Fältström wrote:
> The point IESG is making is that this problem is not described enough in
> the document. That is different than saying the problem have to be solved
> in this document alone.
>
> The "Security Consideration Section" is to be read by the people interested
> in the protocol, which include the people writing software which create
> HTML. It is extremely important the text in this section is written in a
> way so the implementor create the application so the end-user have
> influence over this data.
>
> That is not the case with other data which today is put automatically in
> the html code, and IESG is concerned over that fact.
>
> paf
My apologies for not following up on this in a more timely fashion.
I believed that I had described the problem in this revision of the
document. The location data is intended to specifically refer to
the content of the page, not the author, and as such should not
under normal circumstances be generated automatically such as is
often done for author, publisher, generating software etc.
However I acknowledge that there may be cases where location data is
generated on a dynamic page in real-time, where there is cause for
concern if the operator is unaware of the fact. In normal use, there is
in my opinion no additional privacy or security risk over that
engendered by someone placing their name and address on a page and
another user reading it, or of someone filling out a lifestyle survey in
a magazine. (That is not to say that I regard such risk
as minimal, but that I believe it is regarded as a currently acceptable
level of risk by the majority of (perhaps ill-informed) people. In fact,
I am somewhat concerned over the easy availability of telephone
directories and other personal data in fully-searchable form. Maybe I
should change my name to "Smith" ...)
If there is some specific discussion or recommendation which would
render the draft acceptable to IESG then clearly that could be
inserted; in fact I thought this had already been done once.
Perhaps I just have to wait for the privacy draft to be
finalised and refer to that.
Dante Castiglione writes:
>I do not understand *from* *where* the HTML creation program may take
>this "geographical information" to put it on a hidden tag.
Either (incorrectly) from some user configuration about the webserver
or author, as is inserted by e.g. Microsoft Word, or indeed from a GPS
device. I read that the price of these is expected to fall rapidly, and
navigation software such as is used on private boats and aircraft may
become ubiquitous, as in Japan.
-- Andrew Daviel Vancouver WebpagesReceived on Wed Feb 13 12:35:10 2002
This archive was generated by hypermail 2.1.8 : Thu Jan 22 2004 - 12:32:22 EST