
ISSUE-136: Allow new established patterns to redefine what's expected in terms of strong TLS protection [wsc-xit]

From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Fri, 14 Dec 2007 22:05:18 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20071214220518.3913CC6DB0@barney.w3.org>


http://www.w3.org/2006/WSC/track/issues/

Raised by: Mary Ellen Zurko
On product: wsc-xit

5.5.3

"Web user agents that have found a resource strongly TLS protected during past interactions MUST consider an interaction with the same resource as a change of security level if that interaction is not strongly TLS protected."

I believe the "during past interactions" to be stronger than we intend. It seems to include a site that used to be strongly TLS protected long ago, changed over to a self-signed cert, and even after the probation period. I would argue that a new pattern has been established by then, therefore there is no change in security level.
Received on Friday, 14 December 2007 22:05:25 UTC