W3C home > Mailing lists > Public > public-usable-authentication@w3.org > August 2012

Web Security Context: User Interface Guidelines feedback (REC-wsc-ui-20100812)

From: Richard Moore <rich@westpoint.ltd.uk>
Date: Fri, 24 Aug 2012 14:33:09 +0100
Message-ID: <50378295.8030102@westpoint.ltd.uk>
To: public-usable-authentication@w3.org
CC: Mark Quinn <scans@westpoint.ltd.uk>

Good to see work on defining the UI requirements for SSL and TLS.
I notice in section 8.7 you identify some of the dynamic issues
that may change the security properties of a site, such as using
javascript. Unfortunately you've omitted one major one which is
possibility of renegotiation of the SSL/TLS connection itself.
This can significantly change the security properties of the
connection and needs to be considered too.


Richard Moore, Chief Technology Officer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031
Received on Sunday, 26 August 2012 12:18:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:53:17 UTC