General: -------- 1. Get rid of the word trust wherever possible. If there's somewhere where no other word will do then let's deal with that then. I didn't see any such instance. 2. Overview could do with a bit of a rewrite, e.g. its partly a document outline but incomplete, some of the language is too wishy-washy ("we hope"). 3. The only substantive part of section 3 seems to be the reference to 2119. I think that section could maybe be deleted/merged with section 1. Its not clear to me what's intended for section 3.2 that would change this. 4. Section 5 could be replaced with the text I knocked up before (or not, as the group prefer). 5. Section 6: what is the "[[identity]] of the web site"? Is it the full URI, just the scheme and (if applicable) DNS name (and port?); if not then what? If the full URI then what is a web site? 6. 6.1.1 calls for consistency which is fine. What if >1 no-chrome page is being displayed? How might 2ndary UI handle that? Maybe include a thumbnail? (Iff that's IPR-free.) 7. The first MUST at the start of 6.1.2 is entirely wrong. Delete the sentence. The remainder of the section is unclear and should be restructured along the lines of separate sections dealing with how the signal is formed for each of the TLS and non-TLS options. A table would presumably be a useful way to present this information. 8. 6.1.2, just checking - is there any way an audio logo type could cause me to call (via SIP/skype) a premium-rate number? If so we need to disallow that if we can. 9. 6.3, do we expect all UAs to include some page security score? If so, then providing at least one (possibly illustrative) method for calculating that score seems like a good idea. 10. I just don't understand 6.4.2 at all. 11. Section 7 has been discussed in recent calls. Nits: ----- 4.1, what's a "modality"? 4.2, definition of web page is broken, many web pages are referenced by a URI but are also embedded in other resources; I'd imagine there ought be somewhere else we can get a definition? 4.2.2, I agree with whoever said this is either too short or shouldn't be here 6.1.1 (and elsewhere), saying "this is normative but examples aren't" all over the place seems a bit pointless, surely if we've said what MUST etc mean we're done already. 6.2, 1st para "can" here conflicts with 6.1 (I think) Editorial: ---------- section 1, 1st para: s/trust decisions/security related/ section 1, 2nd para: "that goal"? No goal is explicit in the foregoing. section 1, 2nd para: s/trust decisions/decisions/ 6.1, don't end a sentence with with. (and elsewhere) 6.1.1, s/different from solely page content/something better/ Last sentence of that paragraph is also wrong since as state the requirement only applies if there is some form of chrome or equivalent, so delete from "Note" to the end. Sections 8-10 seem very piecemeal, I would guess some restructuring might help there.