W3C home > Mailing lists > Public > public-wsc-wg@w3.org > January 2008

Re: Is the padlock a page security score?

From: Thomas Roessler <tlr@w3.org>
Date: Sun, 13 Jan 2008 17:11:51 +0100
To: michael.mccormick@wellsfargo.com
Cc: beltzner@mozilla.com, ifette@google.com, Anil.Saldhana@redhat.com, hahnt@us.ibm.com, public-wsc-wg@w3.org, Mary_Ellen_Zurko@notesdev.ibm.com
Message-ID: <20080113161151.GP262@iCoaster.does-not-exist.org>

On 2008-01-10 12:39:54 -0600, michael.mccormick@wellsfargo.com wrote:

> I agree.  But the more variables the security indicator takes
> into account, the more helpful it becomes for users making trust
> decisions. 

FWIW, I think that this statement is broad enough to be false for at
least some use cases.

E.g., if I'm out to get the evening news, then I'm not necessarily
interested in knowing whether the server I interact with is one that
I should trust with my credit card, even though I might be
interested to know whether it's really the news from the source I'm
expecting to interact with, or whether there are some folks
interfering with my phone line in the neighbor's garden.

(To just take the most obvious xkcd-inspired use case.  Software
installation is another one.)

-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Sunday, 13 January 2008 16:44:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:56 GMT