W3C home > Mailing lists > Public > public-wsc-wg@w3.org > November 2007

RE: Proposal for ISSUE-130: TLS across multiple devices

From: Luis Barriga <luis.barriga@ericsson.com>
Date: Tue, 6 Nov 2007 19:57:49 +0100
Message-ID: <1C6A13C92F510849B72272A71F9F3BCB0F8F56@esealmw105.eemea.ericsson.se>
To: <public-wsc-wg@w3.org>

Two comments:

Now>>"Web content SHOULD be designed offer the same security user experience across ..."

luis>> Web content designers can control user experience (UX) which is largely defined by the browser. Asking for the *same* UX is non-desirable. The web content designer can only control trust anchor and TLS consistency. Proposal to rephrase to: 

New>> "Web content SHOULD be designed offer the trust and TLS consistency across ..."

Now>>"Web site owners operating TLS-protected sites should anticipate the use of those sites from mobile devices which may have constrained capabilities, or diverging sets of trust anchors"

luis>> Diverging sets of trust anchors is a consequence of, not an alternative to, 
constrained capabilities. Proposal to rephrase to:

New>>"Web site owners operating TLS-protected sites should anticipate the use of those sites from mobile devices which may have constrained capabilities e.g. diverging sets of trust anchors or limited cryptographic mechanisms"


-----Original Message-----
From: public-wsc-wg-request@w3.org on behalf of Thomas Roessler
Sent: Mon 2007-11-05 18:10
To: WSC WG
Subject: Proposal for ISSUE-130: TLS across multiple devices
 

I've done some word-smithing on ISSUE-130 in the spirit of our
discussion, and after looking at some of the MWBP material. Here it
is:

  http://www.w3.org/2006/WSC/drafts/rec/#tls-across-devices

  Web content SHOULD be designed offer the same security user
  experience across different user agents and devices. Web site
  owners SHOULD perform tests of the TLS security and trust features
  of their site on various devices.

  Web site owners operating TLS-protected sites should anticipate
  the use of those sites from mobile devices which may have
  constrained capabilities, or diverging sets of trust anchors.
  These limitations can usually be addressed in ways that preserve
  security without hurting the user experience on either device. In
  particular, Web sites can often avoid designing to revert to an
  insecure state instead, blocking mobile access, or leaving trust
  decisions to the user.

Thoughts?
-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Tuesday, 6 November 2007 19:01:15 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:53 GMT