- From: Richard Moore <rich@westpoint.ltd.uk>
- Date: Fri, 24 Aug 2012 14:33:09 +0100
- To: public-usable-authentication@w3.org
- CC: Mark Quinn <scans@westpoint.ltd.uk>
Hi, Good to see work on defining the UI requirements for SSL and TLS. I notice in section 8.7 you identify some of the dynamic issues that may change the security properties of a site, such as using javascript. Unfortunately you've omitted one major one which is possibility of renegotiation of the SSL/TLS connection itself. This can significantly change the security properties of the connection and needs to be considered too. Regards Rich. -- Richard Moore, Chief Technology Officer, Westpoint Ltd, Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England Tel: +44 161 237 1028 Fax: +44 161 237 1031
Received on Sunday, 26 August 2012 12:18:52 UTC