Re: ACTION-208: "Site Identifying Images in Chrome" display recommendation

On 2007-06-13 14:33:21 -0500, michael.mccormick@wellsfargo.com wrote:

> Variant 1 - Roessler: Web User Agents MUST NOT display bitmaps
> controlled by Web Content in areas of the user interface that are
> intended or commonly used to communicate trust information to
> users. 
> 
> Variant 2 - McCormick: Web User Agents MUST NOT display bitmaps
> controlled by Web Content in areas of the user interface that are
> commonly expected to be under the control of the user agent. 
> 
> The reason I think these variants seem equivalent is that a
> significant number of users assume any part of the UI controlled
> by the UA (aka "chrome") can be relied upon for trust
> information.  Why would I rely on trust information presented in
> one area of chrome (e.g., Location Bar) but not another (e.g.,
> Bookmark List)?  If some parts of chrome are truly more
> trustworthy than others, how is this distinction communicated to
> users?

In variant 2, "commonly expected" is phrased badly, I guess -- I
tried to avoid the "chrome" word which I probably shouldn't have in
my attempt to word Variant 2.

The basic notion in Variant 1 is that there are some regions in
chrome (such as the location bar and the status bar) that people are
generally asked to look at for trust metainformation, and that are
used for trust indicators, while there are other parts that are
commonly controlled by the browser UI, but not used for that
purpose.

It then basically says "don't mix trust indicators and site-supplied
bitmaps too closely"; it's a variation over the theme that security
information shouldn't be communicated in-band.

That aims to leave things like bookmarks, tab headings, desktop
icons out of the scope of the proposal -- as long as these aren't
used to also communicate trust information that could otherwise be
spoofed.

I'm not coming up with better wording right now.

Cheers,
-- 
Thomas Roessler, W3C  <tlr@w3.org>

Received on Wednesday, 13 June 2007 21:11:24 UTC