
Re: Summary of "What is a secure page?" discussion, first draft

From: Maritza Johnson <maritzaj@gmail.com>
Date: Wed, 11 Jul 2007 13:56:45 +0000
Message-Id: <BAB7CECC-6649-498E-8819-2ED704716CF7@gmail.com>
Cc: <yngve@opera.com>, <public-wsc-wg@w3.org>
To: "Doyle, Bill" <wdoyle@mitre.org>





On May 9, 2007, at 10:49 PM, Doyle, Bill wrote:

> Citi bank has a padlock next to the "sign on" button on an HTTP page.
> Pressing the sign-on button the user is taken to an HTTPS page. Is this
> overuse of padlock icon?

Yes.

I would argue that it's an inappropriate use of a lock because users  
would take the presence of _a_ lock as an indicator that the current  
login box was secure, not as an indicator that they should click on  
the lock to reach the secure page.



Apologies for the very delayed comment, this caught my eye when I was  
rereading the 'What is a secure page' thread ...
Maritza



> Functionality seems OK, the sign-on form or
> sign-on page is protected by https.
>
> http://www.citibank.com/us/d.htm
>
> This site listed below had a list of some https offenders - after
> poking, some of the sites appear to be fixed, now some of the offenders
> are using https. Did this change take place because many browsers now
> highlight the use of https? Sites that don't use https don't look as
> secure?
>
> http://websitehelpers.com/general/securelogins.html
>
> Web page is noted as March 2006
>
> Bill
>
>
> -----Original Message-----
> From: public-wsc-wg-request@w3.org
> [mailto:public-wsc-wg-request@w3.org] On Behalf Of Yngve Nysaeter
> Pettersen
> Sent: Tuesday, May 08, 2007 12:58 PM
> To: public-wsc-wg@w3.org
> Subject: Re: Summary of "What is a secure page?" discussion, first
> draft
>
>
> On Tue, 24 Apr 2007 20:03:49 +0200, Yngve N. Pettersen (Developer Opera
> Software ASA) <yngve@opera.com> wrote:
>
>>
>> * Current problems service-side.
>>
>>    - Websites (for example banks) use "padlock" on unsecure pages to
>> indicate the "security" of their login forms, which are posting to a
>> secure server.
>
> In case you are interested, Slashdot just started discussing a two year
> old IE-Blog entry about the above topic.
>
>   http://it.slashdot.org/it/07/05/08/1226243.shtml
>
>
> -- 
> Sincerely,
> Yngve N. Pettersen
>
> ********************************************************************
> Senior Developer		             Email: yngve@opera.com
> Opera Software ASA                   http://www.opera.com/
> Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
> ********************************************************************
>
>
Received on Wednesday, 11 July 2007 14:04:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:49 GMT