
From: Jeremiah Grossman (jeremiahwhitehatsec.com)
Date: Tue Oct 23 2001 - 01:51:16 CDT


    Mark Curphey wrote:

    > What happens to the XML P3P policy file - Does it need to validate the
    > DTD at w3c or similar ?

    Well, I think it's best for all XML documents to reference a DTD, but it
    does not exactly have to. The parser can continue if it can display
    properly. But for security, DTDs are essential to make sure the document
    adheres to it properly.

    > I have seen some amusing applications that will
    > just stop when they can't validate a DTD.

    Badly designed apps, methinks.

    > Basing checking privacy preferences
    > on DNS wouldn't seem appropriate if it does !

    DNS is another issue when the client receives the policy. If you can
    spoof the DNS entry, you might escalate privs of YOUR policy.
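
The point about DTDs above is that a non-validating parser will happily accept a policy document with elements missing, and a client that then "continues if it can display" has no guarantee the policy says what it should. The following is an added example, not code from this thread or from any P3P implementation: Python's built-in expat parser does not validate against a DTD, so the check below enforces a small required-element set for a P3P POLICY document explicitly and reports every violation rather than stopping at the first one. The namespace URI, the particular set of required children, and the two sample policy documents are assumptions constructed for the example.

```python
# Structural check for a P3P policy document, standing in for DTD
# validation. Python's xml.etree (expat) is non-validating, so a missing
# element or attribute would otherwise be accepted silently. Added example,
# not code from the mailing-list thread.
import xml.etree.ElementTree as ET

# Assumed P3P 1.0 namespace URI; treat the exact string as an assumption.
P3P_NS = "http://www.w3.org/2002/01/P3Pv1"

# Element set this check enforces (an illustrative subset, not the full DTD).
REQUIRED_POLICY_CHILDREN = ("ENTITY", "ACCESS", "STATEMENT")
REQUIRED_STATEMENT_CHILDREN = ("PURPOSE", "RECIPIENT", "RETENTION", "DATA-GROUP")


def qn(name):
    """Clark-notation qualified name for an element in the P3P namespace."""
    return "{%s}%s" % (P3P_NS, name)


def validate_policy(xml_text):
    """Return a list of structural violations for a P3P policy document.

    An empty list means every required element and attribute is present.
    Well-formedness errors are reported as a single entry so a caller can
    fail closed instead of displaying whatever the parser salvaged.
    """
    errors = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed: %s" % exc]

    if root.tag != qn("POLICIES"):
        return ["root element is %r, expected POLICIES in the P3P namespace" % root.tag]

    policies = root.findall(qn("POLICY"))
    if not policies:
        errors.append("no POLICY element under POLICIES")

    for policy in policies:
        name = policy.get("name", "?")
        # discuri points at the human-readable privacy statement; required.
        if not policy.get("discuri"):
            errors.append("POLICY %r missing required attribute discuri" % name)
        for child in REQUIRED_POLICY_CHILDREN:
            if policy.find(qn(child)) is None:
                errors.append("POLICY %r missing %s" % (name, child))
        for idx, stmt in enumerate(policy.findall(qn("STATEMENT")), 1):
            for child in REQUIRED_STATEMENT_CHILDREN:
                if stmt.find(qn(child)) is None:
                    errors.append("STATEMENT %d in POLICY %r missing %s" % (idx, name, child))
    return errors


# Constructed sample: a policy with every element the check requires.
GOOD_POLICY = """<?xml version="1.0"?>
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY name="example" discuri="http://www.example.com/privacy.html">
    <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Corp</DATA></DATA-GROUP></ENTITY>
    <ACCESS><nonident/></ACCESS>
    <STATEMENT>
      <PURPOSE><admin/><develop/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <RETENTION><stated-purpose/></RETENTION>
      <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>
"""

# Constructed sample: well-formed XML that a display-oriented client would
# render, but with discuri and RETENTION missing.
BAD_POLICY = """<?xml version="1.0"?>
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY name="example">
    <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Corp</DATA></DATA-GROUP></ENTITY>
    <ACCESS><nonident/></ACCESS>
    <STATEMENT>
      <PURPOSE><admin/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>
"""

if __name__ == "__main__":
    for label, doc in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        problems = validate_policy(doc)
        print(label, "->", "OK" if not problems else problems)
```

A client that fetches a policy over the network would run a check like this before acting on the policy, and treat any non-empty result the same way as a fetch failure; that keeps the "parser can continue" behaviour from turning a truncated or tampered document into an accepted one.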