Re: Is the padlock a page security score?

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Fri, 11 Jan 2008 09:08:51 -0500
Cc: public-wsc-wg@w3.org
Message-ID: <OF7F1B50B9.9BCBE109-ON852573CD.004D7C26-852573CD.004DB6D3@LocalDomain>
To: Mike Beltzner <beltzner@mozilla.com>

Great conversation, all the way around. I particularly appreciate those 
posts that, while taking a strong stance, also try to explore other points 
of view, how their stance relates to it, and what might be some sort of 
reasonable middle ground. Kudos to all of you!

> Where the number *would* come in handy is when they're used to 
> seeing a "72" for their bank or online shopping site, but all of a 
> sudden they see a "38". It's the change in the security values that 
> become interesting. At that point, though, why would we require that
> the user remember that theirshoppingsite.com is usually a 72, but 
> all of a sudden became a 36. Why would we not, instead, just alert 
> them to the fact that there's something suspicious, and they 
> shouldn't use the site at this time (with links to more detail for 
> those who wish to know what tipped us off).

That would tie into the Change of Security Level (or CoSL as I started to 
call it in my review comments) in xit. 

As I think does some of the discussion of warnings on top of passive 
indicators (although as my review comments indicated, it was hard to find 
the part of CoSL where that was specified, and should be made clearer). 
Received on Friday, 11 January 2008 14:09:03 UTC