W3C home > Mailing lists > Public > public-wsc-wg@w3.org > August 2007

Old SSL (Re: Current state of editor's draft / IdentitySignal)

From: Thomas Roessler <tlr@w3.org>
Date: Sat, 25 Aug 2007 11:27:29 +0200
To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Cc: public-wsc-wg@w3.org
Message-ID: <20070825092729.GI28658@raktajino.does-not-exist.org> 

On 2007-08-24 14:00:49 -0400, Mary Ellen Zurko wrote:

> "We could use this section to deprecate old versions of SSL.
> Shall we? "

> Connect the dots for me - how is that in our charter? And what
> goal would would it support? 

The way the text is currently structured, we will be saying that
certain crypto algorithms (ideally defined by invocation of some
relevant external standard) should cause the client to get a little
nervous about the ongoing interaction ("weak protection"), and act
accordingly (flag a change of security level, not show strong
identity indicatos, ...)

Old versions of SSL probably belong into that category.

-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Saturday, 25 August 2007 09:27:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:50 GMT