But it's not just web pages, is it? Almost all Word or Excel files basically have the "dirty bit" - when you fire them up, you are asked if you trust the file and if you want to run the macros.
That's right, and the mechanism you describe for Word matches the behaviour I proposed for the scripted HTML case, but my proposal doesn't require any "dirty bit". Also, you've offered no evidence that such a dirty bit exists inside Word documents.
This thread, however, is not about technical specs. It's about how Microsoft can use rhetoric to damage the credibility of the web, and how other people can help them do that by naively mimicking their behaviour.
There's no rhetoric on the MS web site about the "mark of Word", for example. Why not? Because it would be negative.
It seems to me that the right way to do that is mark saved web pages
> with their origin - which is what the MOTW is.
Well, fine. It "seems to me" that marking is a poor solution. Stalemate. A more persuasive argument would be nice.
Do you think Longhorn has a magic solution to the untrusted content problem?
I don't see how that bears on the matter here. No one's proposing a "mark of Longhorn", unless you are. Instead, we're debating whether the web is safe or not. Microsoft is probably listening in with absolute glee. Time to be more positive about the web, in my view. No "mark of the web" ghetto armbands for me.
- N. _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
