I would certainly agree to this recommendation. serge Web Security Context Working Group Issue Tracker wrote: > > ISSUE-130 (Trust Anchors): Trust Anchor Consistency Across Devices? [Techniques] > > http://www.w3.org/2006/WSC/track/issues/ > > Raised by: Luis Barriga > On product: Techniques > > At the f2f meeting I mentioned one of the findings on smart-phones: the pre-provisioned trust anchors in smartphones are disjoint from the ones in desktop browsers. The opposite is valid too. > > As a result, users visiting the one site on a smartphone and on a desktop browser will see TLS warnings that they has not seen previously when visiting the same site. (Trust is temporary unavailable) > > Shall we add a Deployment Best Practice 8.x section on "Trust Anchor Consistency across devices" that basically recommends browser vendors, phone manufacturers etc to have a consistent set of pre-provisioned trust anchors? > > > > > > > -- /* Serge Egelman PhD Candidate Vice President for External Affairs, Graduate Student Assembly Carnegie Mellon University Legislative Concerns Chair National Association of Graduate-Professional Students */Received on Monday, 15 October 2007 19:28:57 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:52 GMT