Re: Don't favour https ( LC-2382) from Stephen Farrell on 2010-04-23 (public-wsc-wg@w3.org from April 2010)

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Sat, 24 Apr 2010 00:47:56 +0100
To: "ifette@google.com" <ifette@google.com>
Cc: Mary Ellen Zurko <mzurko@us.ibm.com>, "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
Message-Id: <93FA0792-72ED-423E-93A1-114EE7964F51@cs.tcd.ie>

 From the sidelines:

+1 to Ian

I'd disregard anti-scientific objections based on arguments related to  
architectural purity, if that's what's actually in question.

S.

On 23 Apr 2010, at 23:45, Ian Fette (イアンフェッティ)  
<ifette@google.com> wrote:

> Let him formally object. It's not going to change what any of the  
> browsers do.
>
> Am 23. April 2010 15:30 schrieb Mary Ellen Zurko <mzurko@us.ibm.com>:
> fyi. We seem to have a philosophical divide on this question (at  
> least that is my first reaction). It seems that existing web  
> architecture documents do not address the topic of user interface  
> and user understanding implications at all (perhaps someone can  
> correct me on that). This seems to be in part what the new web  
> science notion is about; build an understanding of humans into the  
> overall model. It's not clear to me that we actually have an  
> architecture today that maps to the architectural model of AWWW  
> (Architecture of the World Wide Web), as I don't know where the  
> security characteristics otherwise are or would be. So a spec that  
> articulates current best practice would of necessity be at odds with  
> a model that was not fully realized.
>
> It's always hard to know which items one should "go to the mat" on.
>
>           Mez
>
>
> ----- Forwarded by Mary Ellen Zurko/Westford/IBM on 04/23/2010 06:16  
> PM -----
>
> From:        Krzysztof Maczyński <1981km@gmail.com>
> To:        <mzurko@us.ibm.com>
> Cc:        <public-usable-authentication@w3.org>
> Date:        04/23/2010 10:12 AM
> Subject:        Re: Don't favour https ( LC-2382)
> Sent by:        public-usable-authentication-request@w3.org
>
>
>
> > It would be confusing to
> > users to see an indication of TLS security, such as augmented  
> assurance
> > (such as with EV) certificates, and an http: URI.
> This is based on a misunderstanding about URIs. They identify  
> resources, not characteristics of access to those resources (such as  
> security). AWWW and other documents are clear on this. Existing  
> confusion in some users should be rectified, not entrenched, lest I  
> formally object. My request that the spec doesn't go for the latter  
> (specifically, removing "an https URL was used" from the definition  
> would resolve the issue) still stands.
>
> Best regards,
>
> Krzysztof Maczyński
> Invited Expert, HTML WG
>
>
>

Received on Friday, 23 April 2010 23:48:36 UTC