- From: <stephen.farrell@cs.tcd.ie>
- Date: Tue, 5 Jun 2007 17:48:01 +0100 (IST)
- To: "Doyle, Bill" <wdoyle@mitre.org>
- Cc: "Hallam-Baker, Phillip" <pbaker@verisign.com>, "Stephen Farrell" <stephen.farrell@cs.tcd.ie>, "W3 Work Group" <public-wsc-wg@w3.org>
> > For 2.3 and 2.4 - a discussion took place that separated chrome into > areas that could be considered verifiable (Cert, EV) and informational > for presenting info like Favicons. I think that that makes sense and that just like we extended the favicon discussion at the f2f to something more abstract about server-provided data, so it would be proper to extend this part to cover UA display of 3rd-party data about the site. Today, and probably for a good while, the most-well-defined, best-supported form of such data is the X.509 stuff you get from TLS. However, someday, or more likely, in some specific contexts, some kind of reputation data might be even better. So, just like we wouldn't want to tell the UA folks how to calculate a reputation, we don't want to tell them how a CA should decide what to put in certs. If we've something to say to CA operators, that should be separated out and written for them. > Currently secure and informational data is mixed, users don't pay > attention to secure data because we really can't tell what is being > presented; padlock, green bar, yellow bar click on me I am secure.. > Items 2.3 and 2.4 fall into presentation, I would like to see a general > fix for presentation of security information. Indeed. And definitely something we want to help fix. S.
Received on Tuesday, 5 June 2007 16:48:24 UTC