W3C home > Mailing lists > Public > public-wsc-wg@w3.org > December 2007

ISSUE-140: Don't show certificate information as identity when its weak [wsc-xit]

From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Fri, 14 Dec 2007 22:23:59 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20071214222359.37697C6DB0@barney.w3.org>


ISSUE-140: Don't show certificate information as identity when its weak [wsc-xit]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Mary Ellen Zurko
On product: wsc-xit

6.1.2

"During interactions with pages that were (all or in part) retrieved through weakly TLS-protected interactions, Web user agents MUST NOT display any logotypes derived from certificates."

I would like to see this cover all of identity signal, since identity signal is derived from attested certificates. A straw proposal is to change that line to: 
During interactions with pages that were (all or in part) retrieved through weakly TLS-protected interactions, Web user agents MUST NOT display any identity signal content derived from certificates.
Received on Friday, 14 December 2007 22:24:05 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:14:19 UTC