RE: ACTION-250: propose breaking out 2.4 into its own proposal.recommendation from Doyle, Bill on 2007-06-05 (public-wsc-wg@w3.org from June 2007)

From: Doyle, Bill <wdoyle@mitre.org>
Date: Tue, 5 Jun 2007 12:30:16 -0400
To: "Hallam-Baker, Phillip" <pbaker@verisign.com>, "Stephen Farrell" <stephen.farrell@cs.tcd.ie>, "W3 Work Group" <public-wsc-wg@w3.org>
Message-ID: <518C60F36D5DBC489E91563736BA4B580179C607@IMCSRV5.MITRE.ORG>

For 2.3 and 2.4 - a discussion took place that separated chrome into
areas that could be considered verifiable (Cert, EV) and informational
for presenting info like Favicons.

Currently secure and informational data is mixed, users don't pay
attention to secure data because we really can't tell what is being
presented; padlock, green bar, yellow bar click on me I am secure..
Items 2.3 and 2.4 fall into presentation, I would like to see a general
fix for presentation of security information.

Bill D.


 

-----Original Message-----
From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org] On Behalf Of Hallam-Baker,
Phillip
Sent: Tuesday, June 05, 2007 8:36 AM
To: Stephen Farrell; W3 Work Group
Subject: RE: ACTION-250: propose breaking out 2.4 into its own
proposal.recommendation


I agree, I think that we need to introduce a weasel phrase such as
'determined to be sufficiently trustworthy' to be used in the main body
of the text.

Then a section which sets out controls and criteria which MAY be
applied to determine that a party is sufficiently trustworthy,
accountability controls, velocity controls, revocation, &ct.

> -----Original Message-----
> From: public-wsc-wg-request@w3.org 
> [mailto:public-wsc-wg-request@w3.org] On Behalf Of Stephen Farrell
> Sent: Tuesday, June 05, 2007 5:44 AM
> To: W3 Work Group
> Subject: ACTION-250: propose breaking out 2.4 into its own 
> proposal.recommendation
> 
> 
> 
> Section 2.4 of the draft on recommendations [1], deals with a 
> number of PKI related things, that, I think, should be separated.
> 
> I think removing the advice to CA operators from here to 
> elsewhere is the thing to do. Stuff like:
> 
>     "CAs who issue high grade SSL certificates (such as EV) ought to
>     remind requesters that logographic imagery is subject to
trademark
>     laws and the requester is responsible to ensure the logo 
> they supply
>     to the RA is (a) legal for use in all countries and (b) visually
>     distinguishable from other logos."
> 
> ...belongs in its own "Proposals for CA operators" part and 
> shouldn't be mixed with guidance for UA vendors on when to 
> display PKI stuff.
> 
> Stephen.
> 
> [1] http://www.w3.org/2006/WSC/drafts/rec/#favicon-certlogos-rec
> 
>

Received on Tuesday, 5 June 2007 16:30:22 UTC