ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] (offtopicish) RFC 4871 Word Cloud

2009-04-18 17:34:46
Doug Otis wrote:

On Apr 16, 2009, at 11:05 PM, Hector Santos wrote:

If you use FF, I recommend using the NoScript plugin to protect yourself.

Agreed.  Unfortunately, even our portal requires third-party cookies 
used by a news feed. :^(

Whats amazing and humbling experience to see the tide with the current 
generation of development lacking a regard for backward compatibility.

<optional type="personal note">

Maybe because the current generation don't have the insight to design 
for backward compatibility - they know what they know now.  In other 
words, a portal designed for normal HTML is no longer important.  For 
our web portal, designed in 1996, we intentionally avoid UI designs 
that required cookies and javascript - pure HTML.  It was only in 
2004/5 when we updated the web portal to OPTIONALLY support 
javascript, cookie-based authentication. IOW, it didn't break down if 
the user has javascript and/or cookies disabled.

IMO, that sorta of design is now lacking.  Increasingly, I'm seeing 
more web sites totally breakdown with the better ones throwing up a 
browser requirements page.  In a way, thats good for us. Do the same 
thing and reduce the complexity of the backward compatibility web UI.

What bothers me though is that much of whats going on is being done by 
14-18 years old who IMO lack experience in social engineering and 
ethical design considerations.  To them the idea of COOKIES and 
JAVASCRIPT being disabled is unthinkable.

I have to give credit to gmail.com for their web-based UI.  Here they 
designed it for both javascript and non-javascript operations.  In 
fact, if you don't like the silly ads in the GMAIL.COM mail display, 
turn off Javascript and switch the HTML mode.

</optional>

Keeping this somewhat related to DKIM <g> I can see how 
Cookies/Javascript can be used for web based MUAs.

For example, we can have a AJAX based MAIL API where a message display 
  can be done by our backend:

      From: doug
      To:  hector
      Status: Signed by DKIM

The display includes javascript that to show an ajax-based DKIM status 
information request:

    Status: <div onCLick="ajaxDkimStatus();">Signed By DKIM</div>

Clicking it does a background Ajax call, and displays a overlapping 
popup <div id="dkimStatus_Result"><div> window.  It might use a cookie 
to store the current message id for reference.

If the user has cookies/javascript disabled, this breaks down. Does 
not provide me the incentive to do this.  For the new generation, they 
  won't think twice.  :-)

-- 
Sincerely

Hector Santos
http://www.santronics.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html