On 28 April 2014 19:51, Chris Palmer <[email protected]> wrote: > I see your point... is the attack so marginal that it doesn't matter > either way? I'm not sure I feel strongly any more on this topic.
I would call the difference marginal only if the we never envision the report having anything done with it except immediate sending. If it's stored for later, logged, a browser extension collects them all and sends them out through Tor or some other mechanism... then I would say it's not marginal. And since those are possibilities, I would say it would be better to remove the paragraph and not have different behavior. It would also probably make the code simpler, too. -tom _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
