From: Jeremiah Grossman (jeremiah whitehatsec.com)
Date: Tue Oct 23 2001 - 11:01:43 CDT
Ok, so let's just say that having a DTD to adhere to for any XML document
is essential for security reasons. Now, for a given XML document, let's say
the policy file.... where does it reside... I can only guess that this would be
at W3C as well. But, it would be even better, as you have said, to keep
it locally on the user's machine.
But this raises a few questions... a few of the minor ones being: what happens
if there is a change in the P3P spec... how does the client know when
that happens to go and get it... or how can the client be sure that the
DTD has not been... modified... or rendered inaccessible.... Probably all
of these problems can be overcome... but the question is... have they?
Would in fact DoSing the DTD machines render P3P-compatible
browsers helpless... hmmm.... weirder things have happened....
Back to the P3P spec I go.
Jer-
Mark Curphey wrote:
> Agree, but pointing to a local DTD that you have control over would make more
> sense. I guess I am not sure what would happen in P3P if the browser
> couldn't connect to the DTD at W3. If the browser can't validate the policy
> and so defaults to a "close on fail" type policy, then the page would not be
> displayed. Imagine if someone hacked the W3C servers! Could they stop
> millions of IE6 users from browsing?
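The alternative both posters are circling, a client that never fetches the DTD at parse time but resolves it from a local copy it controls, can be shown in code. The following is an added example for this thread, not code from either poster or from any P3P implementation. It assumes a hypothetical DTD URL (`http://example.invalid/policy.dtd`, used only as a lookup key and never fetched), a constructed toy DTD and toy policy documents standing in for the real P3P ones, and a digest pinned out of band so that a swapped local copy is detected. It fails closed by default (the "close on fail" behaviour Mark describes) and has a `fail_open` switch to show the other choice. One caveat for anyone reusing it: expat is a non-validating parser, so the check performed here is only that every element used in the document was declared by the DTD, not a full content-model validation.

```python
"""Fail-closed, pinned local resolution of an XML document's external DTD.

Added example for this thread (not code from the original post). The DTD,
digests, URL and policy documents below are constructed toy inputs; the URL
is a lookup key into a local store and is never fetched from the network.
"""
import hashlib
import xml.parsers.expat as expat


class DtdError(Exception):
    """Raised when the DTD cannot be resolved from the trusted local store."""


# Hypothetical system id a document's DOCTYPE would reference.
DTD_URL = "http://example.invalid/policy.dtd"

# Constructed toy DTD standing in for the remote one (not the real P3P DTD).
LOCAL_DTD_STORE = {
    DTD_URL: b"<!ELEMENT POLICY (ENTITY, ACCESS)>\n"
             b"<!ELEMENT ENTITY (#PCDATA)>\n"
             b"<!ELEMENT ACCESS EMPTY>\n",
}

# Digest that would be shipped with the client (pinned out of band), so a
# modified local copy is detected even though nothing is fetched remotely.
PINNED_SHA256 = {DTD_URL: hashlib.sha256(LOCAL_DTD_STORE[DTD_URL]).hexdigest()}

# Constructed sample policy documents.
POLICY_OK = (b'<?xml version="1.0"?>\n'
             b'<!DOCTYPE POLICY SYSTEM "http://example.invalid/policy.dtd">\n'
             b'<POLICY><ENTITY>Example Corp</ENTITY><ACCESS/></POLICY>\n')
POLICY_UNDECLARED = (b'<?xml version="1.0"?>\n'
                     b'<!DOCTYPE POLICY SYSTEM "http://example.invalid/policy.dtd">\n'
                     b'<POLICY><ENTITY>Example Corp</ENTITY><ACCESS/><EXTRA/></POLICY>\n')


def check_document(doc, dtd_store, pins, fail_open=False):
    """Parse `doc` (bytes), resolving its external DTD only from `dtd_store`.

    Returns a dict with the elements declared by the DTD, the elements used
    by the document, the undeclared ones, and whether the DTD was applied.
    Raises DtdError (fail closed) when the local DTD is missing or its
    SHA-256 does not match `pins`; with fail_open=True the DTD is skipped
    instead and `validated` comes back False.
    """
    declared, used, applied = set(), set(), []
    parser = expat.ParserCreate()
    # Ask expat to hand the external DTD subset to our handler.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_ALWAYS)

    def external_entity_ref(context, base, system_id, public_id):
        # context is None for the external DTD subset.
        body = dtd_store.get(system_id)
        if body is None:
            if fail_open:
                return 1
            raise DtdError(f"no local copy of DTD {system_id}; refusing to fetch it")
        if hashlib.sha256(body).hexdigest() != pins.get(system_id):
            if fail_open:
                return 1
            raise DtdError(f"local copy of DTD {system_id} does not match pinned digest")
        # Parse the trusted local copy with a child parser sharing our handlers.
        sub = parser.ExternalEntityParserCreate(context)
        sub.Parse(body, True)
        applied.append(system_id)
        return 1

    parser.ExternalEntityRefHandler = external_entity_ref
    parser.ElementDeclHandler = lambda name, model: declared.add(name)
    parser.StartElementHandler = lambda name, attrs: used.add(name)
    parser.Parse(doc, True)
    return {
        "declared": declared,
        "used": used,
        "undeclared": used - declared if applied else set(),
        "validated": bool(applied),
    }


def outcome(doc, dtd_store, pins, fail_open=False):
    """Run check_document and fold the fail-closed error into a short string."""
    try:
        result = check_document(doc, dtd_store, pins, fail_open)
    except DtdError as exc:
        return "refused: " + str(exc)
    if result["undeclared"]:
        return "undeclared elements: " + ", ".join(sorted(result["undeclared"]))
    return "ok, validated" if result["validated"] else "ok, not validated (DTD skipped)"


if __name__ == "__main__":
    tampered = {DTD_URL: LOCAL_DTD_STORE[DTD_URL] + b"<!ELEMENT EXTRA EMPTY>\n"}
    print(outcome(POLICY_OK, LOCAL_DTD_STORE, PINNED_SHA256))
    print(outcome(POLICY_UNDECLARED, LOCAL_DTD_STORE, PINNED_SHA256))
    print(outcome(POLICY_OK, tampered, PINNED_SHA256))              # refused: digest mismatch
    print(outcome(POLICY_OK, {}, PINNED_SHA256))                    # refused: no local copy
    print(outcome(POLICY_OK, {}, PINNED_SHA256, fail_open=True))    # page would still render
```

The design choice the thread asks about is concentrated in `external_entity_ref`: a missing or modified DTD is a hard error by default, which is exactly what makes the DTD host (or the local file) a single point of failure, while `fail_open=True` keeps pages rendering at the cost of skipping the check altogether. The pinned digest answers Jeremiah's "has the DTD been modified" question for the local copy; a spec change would then show up as a digest mismatch until the client ships a new pin.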