RE: ACTION-182 from michael.mccormick@wellsfargo.com on 2007-04-23 (public-wsc-wg@w3.org from April 2007)

From: <michael.mccormick@wellsfargo.com>
Date: Mon, 23 Apr 2007 17:41:17 -0500
To: <Mary_Ellen_Zurko@notesdev.ibm.com>
Cc: <public-wsc-wg@w3.org>
Message-ID: <8A794A6D6932D146B2949441ECFC9D6802B4D3BA@msgswbmnmsp17.wellsfargo.com>

After review of the 4-4-07 minutes, it's clear to me now that I cannot satisfy ACTION-182 with the FSTC recommendations.  Nonetheless, Dan Schutzer has kindly agreed to submit the subset of FSTC's suggested browser enhancements that are most applicable to WSC.
 
It appears ACTION-182 stems from my Lightning Discussion on 4 April about the cryptic IE6 browser errors that I received when I encountered a self-signed SSL certificate at the www.x9.org web site.  According to my notes, as well as the official meeting notes from Thomas, we had a lively discussion about the security anti patterns implied by such browser error messages.  In particular I captured the following possible anti patterns in my notes:
 
1. Use of technical jargon containing terms with which the average layperson is not familiar.
2. Providing a web site's URL as the only contact info for it. (creates "catch-22" dilemma for user)
3. Actions suggested can't really be carried out.
4. Consequences or risks of user actions not explained.
 
These are the [anti-]recommendations I propose we adopt.  Anticipating comment, I haven't yet updated the wiki.  Cheers Mike

  _____  

From: McCormick, Mike 
Sent: Monday, April 23, 2007 9:45 AM
To: 'Mary Ellen Zurko'
Cc: public-wsc-wg@w3.org
Subject: RE: ACTION-182


I'm discussing next steps with Chuck Wade and Dan Schutzer.  Thanks, Mike

  _____  

From: Mary Ellen Zurko [mailto:Mary_Ellen_Zurko@notesdev.ibm.com] 
Sent: Friday, April 20, 2007 4:22 PM
To: McCormick, Mike
Cc: public-wsc-wg@w3.org
Subject: Re: ACTION-182



Hi Michale, 

The action includes extracting a draft of the related recommendations and putting it into the wiki. The FSTC browser document can't be that (as was pointed out, I think by Chuck, during our last call). The only way not to lose the content of the discussion is for you to draft some recommendations for us. 

          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect




<michael.mccormick@wellsfargo.com> 
Sent by: public-wsc-wg-request@w3.org 

04/20/2007 04:20 PM 

To
<tlr@w3.org> 
cc
<public-wsc-wg@w3.org> 
Subject
ACTION-182 

  




I believe this action can be closed since I facilitated a discussion of TLS issues during a Lighting Round on 11 April plus I posted FSTC browser enhancements (including TLS recommendations) to the Recommendations page on 3 April.  Thanks, Mike 

Michael McCormick, CISSP 
Lead Architect, Information Security Technology 
Wells Fargo Bank 
255 Second Avenue South 
MAC N9301-01J 
Minneapolis MN 55479 
*      612-667-9227 (desk)             *       612-667-7037 (fax) 
(   612-590-1437 (cell)             :-)       michael.mccormick@wellsfargo.com (AIM) 
*       612-621-1318 (pager)            *       michael.mccormick@wellsfargo.com <mailto:michael.mccormick@wellsfargo.com>  

“THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF WELLS FARGO" 
This message may contain confidential and/or privileged information.  If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein.  If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message.  Thank you for your cooperation.

Received on Monday, 23 April 2007 22:41:35 UTC