Hi Joe, On 11/13/14, 7:19 AM, Joseph Lorenzo Hall wrote: > > Hi, mnot has already heard the following concerns from us at CDT about > this spec, but we want to make sure that these are part of the IETF > last call comment record. > > * The "Safe" preference is not only a preference but a signal. It > signals user vulnerability; when activated, the header would signal > a user's potentially vulnerable status not only to site operators > who intend to reply in good faith, but to those that will operate in > bad faith and also to every intermediary on-path that could read the > preference request. While it could be the case that a user is vulnerable (a term that is a bit vague), it is also the case that many other users might choose to not want to receive content that is considered in some way "unsafe". One could even imagine "Safe" becoming a default setting. Eliot
Attachment:
signature.asc
Description: OpenPGP digital signature