On 2/23/09 11:46 AM, "Adam Barth" <w...@adambarth.com> wrote:
> Reality is not as binary as you imply. There are a spectrum of threat > models corresponding to different attacker abilities. Exactly! And I am already aware of one effort looking to add a trust layer to host-meta. Your suggestion of competing solutions fails simple test. It is easier to make the use of host-meta more restrictive (perhaps as you suggested) than invent a completely new one. Nothing in host-meta prevents you from implementing these restrictions (content type, redirections). By itself, host-meta includes no sensitive information or anything that can pose a threat. That will come from applications using it as a facility, just like they use HTTP. We view standards architecture in a very different way. I want to create building blocks and only standardize where there is an overwhelming value in posing restrictions. EHL
