W3C home > Mailing lists > Public > www-p3p-policy@w3.org > February 2007

Re: p3p preference for secure communication

From: Rigo Wenning <rigo@w3.org>
Date: Tue, 6 Feb 2007 13:35:07 +0100
To: Emin Islam Tatli <tatli@th.informatik.uni-mannheim.de>
Cc: www-p3p-policy@w3.org
Message-Id: <200702061335.08230.rigo@w3.org>
Hi Emin, 

There was some demand at some point in time from JRC for signed P3P 
Policies, but there wasn't enough support to continue that work. P3P is 
theoretically able to convey all sorts of metadata, but the fact that a 
site is using SSL is already implemented in the interface of the 
browser. 

Currently, the way SSL/TLS is implemented in the browser is reviewed by 
the Web Security Context Working Group:
http://www.w3.org/2006/WSC/

But your question raises issues around a general framework for 
conveyance of metadata attached to using a website. The discussion was 
started by the content labelling Incubator Group and there will be some 
work in this issue in the near future:
http://www.w3.org/2005/Incubator/wcl/

Best, 

Rigo Wenning
Privacy Activity Lead

On Monday 05 February 2007 11:15, Emin Islam Tatli wrote:
> Hi,
>
> It seems that p3p/Appel does not consider privacy preference for
> encrypted communication. I mean, as a user I can not say "If there is
> no secure communication with the server, do not access to the
> server". Am I missing something for this issue? Do you know any work
> in this direction?
>
> Thanks in advance,
> Emin

Received on Tuesday, 6 February 2007 12:35:20 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:01:10 UTC