W3C home > Mailing lists > Public > public-usable-authentication@w3.org > August 2012

Web Security Context: User Interface Guidelines feedback (REC-wsc-ui-20100812)

From: Richard Moore <rich@westpoint.ltd.uk>
Date: Fri, 24 Aug 2012 14:33:09 +0100
Message-ID: <50378295.8030102@westpoint.ltd.uk>
To: public-usable-authentication@w3.org
CC: Mark Quinn <scans@westpoint.ltd.uk>
Hi,

Good to see work on defining the UI requirements for SSL and TLS.
I notice in section 8.7 you identify some of the dynamic issues
that may change the security properties of a site, such as using
javascript. Unfortunately you've omitted one major one which is
possibility of renegotiation of the SSL/TLS connection itself.
This can significantly change the security properties of the
connection and needs to be considered too.

Regards

Rich.
-- 
Richard Moore, Chief Technology Officer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031
Received on Sunday, 26 August 2012 12:18:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 26 August 2012 12:18:53 GMT