- From: Thomas Roessler <tlr@w3.org>
- Date: Sat, 25 Aug 2007 11:27:29 +0200
- To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Cc: public-wsc-wg@w3.org
On 2007-08-24 14:00:49 -0400, Mary Ellen Zurko wrote:
> "We could use this section to deprecate old versions of SSL.
> Shall we? "
> Connect the dots for me - how is that in our charter? And what
> goal would would it support?
The way the text is currently structured, we will be saying that
certain crypto algorithms (ideally defined by invocation of some
relevant external standard) should cause the client to get a little
nervous about the ongoing interaction ("weak protection"), and act
accordingly (flag a change of security level, not show strong
identity indicatos, ...)
Old versions of SSL probably belong into that category.
--
Thomas Roessler, W3C <tlr@w3.org>
Received on Saturday, 25 August 2007 09:27:31 UTC