W3C home > Mailing lists > Public > public-wsc-wg@w3.org > November 2007

Proposal for ISSUE-130: TLS across multiple devices

From: Thomas Roessler <tlr@w3.org>
Date: Mon, 5 Nov 2007 12:10:57 -0500
To: WSC WG <public-wsc-wg@w3.org>
Message-ID: <20071105171057.GA17837@raktajino.does-not-exist.org>

I've done some word-smithing on ISSUE-130 in the spirit of our
discussion, and after looking at some of the MWBP material. Here it
is:

  http://www.w3.org/2006/WSC/drafts/rec/#tls-across-devices

  Web content SHOULD be designed offer the same security user
  experience across different user agents and devices. Web site
  owners SHOULD perform tests of the TLS security and trust features
  of their site on various devices.

  Web site owners operating TLS-protected sites should anticipate
  the use of those sites from mobile devices which may have
  constrained capabilities, or diverging sets of trust anchors.
  These limitations can usually be addressed in ways that preserve
  security without hurting the user experience on either device. In
  particular, Web sites can often avoid designing to revert to an
  insecure state instead, blocking mobile access, or leaving trust
  decisions to the user.

Thoughts?
-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Monday, 5 November 2007 17:11:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:53 GMT