W3C home > Mailing lists > Public > public-wsc-wg@w3.org > November 2007

Re: ISSUE-132: Update Section 10.1 of wsc-xit with information from updated browser lock down wiki page

From: Ian Fette <ifette@google.com>
Date: Mon, 26 Nov 2007 09:40:09 -0800
Message-ID: <bbeaa26f0711260940n28897e7ev79955886e38541eb@mail.gmail.com>
To: "Dan Schutzer" <dan.schutzer@fstc.org>
Cc: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>, "Web Security Context Working Group WG" <public-wsc-wg@w3.org>

Yes, but then they call up their help desk / ISP / son / whomever, and
are asked "Is HTTPS over SOCKS checked or unchecked" and they say "I
don't see where that option is...".

I really don't see why the user should ever be prevented from at least
viewing the settings.

On Nov 26, 2007 9:16 AM, Dan Schutzer <dan.schutzer@fstc.org> wrote:
>
>
>
>
> I would agree that a user should always be able to view and modify
> security-related configuration settings, but that if a user agent does their
> job correctly, it should not be necessary, especially for the user who would
> have trouble understanding the kind of detailed security configuration
> settings that one sees today in the Security tab
>
>
>
>  ________________________________
>
>
> From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
> Behalf Of Mary Ellen Zurko
>  Sent: Monday, November 26, 2007 11:36 AM
>  To: Web Security Context Working Group WG
>  Subject: Re: ISSUE-132: Update Section 10.1 of wsc-xit with information
> from updated browser lock down wiki page
>
>
>
>
>
>  "A user agent MUST support a mode of operation whereby the user is unable
> to view or modify the security-related configuration settings. "
>
>  It seems wrong to me that there is a mode where the user is unable to view
> the security related configuration settings. In every context I've ever been
> in, having some ability to get to more information if helpful.
>
>  I would remove the "view or" part of this, unless I'm missing something.
Received on Monday, 26 November 2007 17:40:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:53 GMT