ISSUE-140: Don't show certificate information as identity when its weak [wsc-xit] from Web Security Context Working Group Issue Tracker on 2007-12-14 (public-wsc-wg@w3.org from December 2007)

From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Fri, 14 Dec 2007 22:23:59 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20071214222359.37697C6DB0@barney.w3.org>

ISSUE-140: Don't show certificate information as identity when its weak [wsc-xit]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Mary Ellen Zurko
On product: wsc-xit

6.1.2

"During interactions with pages that were (all or in part) retrieved through weakly TLS-protected interactions, Web user agents MUST NOT display any logotypes derived from certificates."

I would like to see this cover all of identity signal, since identity signal is derived from attested certificates. A straw proposal is to change that line to: 
During interactions with pages that were (all or in part) retrieved through weakly TLS-protected interactions, Web user agents MUST NOT display any identity signal content derived from certificates.

Received on Friday, 14 December 2007 22:24:05 UTC