Re: Removal of the note about extensions

On Sun, Feb 23, 2014 at 6:58 PM, Mitar <mmitar@gmail.com> wrote:

> Hi!
>
> On Sat, Feb 22, 2014 at 1:09 PM, Glenn Adams <glenn@skynav.com> wrote:
> > That is how UAs work today already, so there is no requirement to state
> that
> > the UA is ultimately in control (of what policies are applied or not
> > applied). Removing the "recommendation" doesn't alter this situation.
>
> But it is useful to specify that again and again, to not forget, to
> not leave space for doubt. If UAs already work like that, great, just
> standardize that and it will be easy for UAs to comply with the
> standard.
>

Because a consensus doesn't exist on what a UA must do. Because in such a
case, it is traditional and typical to explicit leave it unspecified. I can
assure you that not all UAs will adopt the position of ignoring CSP in the
case of extensions/add-ons. In fact, I'm aware of a downstream
specification that mandates that UAs (that comply with that specification)
must enforce CSP policies, modulo explicit override by end user, in the
case of extensions/add-ons.

Given there will be different choices made in building and deploying
different UAs, it would be presumptuous to choose only one approach.


>
>
> Mitar
>
> --
> http://mitar.tnode.com/
> https://twitter.com/mitar_m
>

Received on Monday, 24 February 2014 05:48:00 UTC