W3C home > Mailing lists > Public > public-wsc-wg@w3.org > September 2007

BrowserLockDown, SafeBrowsingMode

From: Thomas Roessler <tlr@w3.org>
Date: Sun, 9 Sep 2007 14:36:26 +0200
To: dan.schutzer@fstc.org, hahnt@us.ibm.com
Cc: public-wsc-wg@w3.org
Message-ID: <20070909123626.GS15181@raktajino.does-not-exist.org>

Tim, I'm reviewing BrowserLockDown, currently here:


In the requirements, you write:

  A user agent MUST support the configuring of several "profiles"
  (sets of configuration settings) to be used when visiting
  different categories of sites.

  A user agent MUST support the configuring of different "usage
  modes" and allow the specification of which profiles are active in
  which modes.

It strikes me that the "usage modes" and some of the requirements
around them are probably all we need to talk about in the spec; how
they map to profiles (or the like) might actually be an
implementation detail.

This requirement:

  A user agent SHOULD allow users to view details of why a request
  or access to a site was blocked based on profile settings,
  including a description of which configuration setting or settings
  contributed to the site being blocked (but displayed only on
  A user agent SHOULD keep a history of blocked sites and the
  reasons for the block to allow analysis of these at a later date
  and time (and possibly by a person other than the user).
... could effectively turn into material for 5.3 (error handling),
and a requirement for a drill down on error pages.

I wonder how we would deal with users hitting error pages and
wanting to reduce their security mode interactively.

Dan, I think that this sets a nice framework for Safe Browsing Mode,
which could effectively turn into a somewhat standardized "usage


One interesting aspect in SBM in this regard is the idea that the
user should express their "intent to deal with a certain community."
That actually suggests a classification of usage modes by intended
tasks as a paradigm that should possibly be exposed -- "safe for
banking" could be one way to communicate such a mode, maybe
triggered with a secure attention key (and subject to questions
whether that trigger is actually effective).

SBM could then be phrased in terms of other material in the
specification, essentially tying up some loose ends:

- strict path validation (maybe this is really where that should
  become a MUST, not sme more general material on EV-certificates)
- expectation of strong TLS; weak TLS leads to a "hard error"
- when an MITM attack is detected, clients MUST NOT use the
  approach in 5.3.2

The current text in the editor's draft includes a strawman
requirement on "downgrades" from EV certificates causing a "change
of security level"; I wonder if that would also be better done in
Safe Browsing Mode, as opposed to generic browsing profiles.

Thoughts welcome.

Thomas Roessler, W3C  <tlr@w3.org>
Received on Sunday, 9 September 2007 12:36:32 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:14:18 UTC