- From: Serge Egelman <egelman@cs.cmu.edu>
- Date: Mon, 15 Oct 2007 15:28:33 -0400
- To: Web Security Context Working Group WG <public-wsc-wg@w3.org>
I would certainly agree to this recommendation. serge Web Security Context Working Group Issue Tracker wrote: > > ISSUE-130 (Trust Anchors): Trust Anchor Consistency Across Devices? [Techniques] > > http://www.w3.org/2006/WSC/track/issues/ > > Raised by: Luis Barriga > On product: Techniques > > At the f2f meeting I mentioned one of the findings on smart-phones: the pre-provisioned trust anchors in smartphones are disjoint from the ones in desktop browsers. The opposite is valid too. > > As a result, users visiting the one site on a smartphone and on a desktop browser will see TLS warnings that they has not seen previously when visiting the same site. (Trust is temporary unavailable) > > Shall we add a Deployment Best Practice 8.x section on "Trust Anchor Consistency across devices" that basically recommends browser vendors, phone manufacturers etc to have a consistent set of pre-provisioned trust anchors? > > > > > > > -- /* Serge Egelman PhD Candidate Vice President for External Affairs, Graduate Student Assembly Carnegie Mellon University Legislative Concerns Chair National Association of Graduate-Professional Students */
Received on Monday, 15 October 2007 19:28:57 UTC