Rephrasing of certificate information caching policies in User Interface Guidelines

A couple of comments regarding the wording of a paragraph.

"User agents SHOULD store the state of certificates that were previously  
encountered. (specifically, whether or not a site previously presented a  
validated certificate). Historical TLS information stored for the purposes  
of evaluating security relevant changes of behavior MAY be expunged from  
the user agent on the same schedule as other browsing history information.
Historical TLS information MUST NOT be expunged prior to other browsing  
history information. For purposes of this requirement, browsing history  
information includes visit logs, bookmarks, and information stored in a  
user agent cache."

This sentence requires UAs to store the certificate information until  
other browsing history information (specifically bookmarks) is deleted. As  
we know that users never delete their bookmarks, the conclusion must be  
that the certificate information can never be deleted.

The intention should be that the certificate information gets stored along  
with other historical data as long as the user/UA keeps this around.  
Bookmarks in themselves are not historical data, though bookmarks may  
contain historical data such as time created, last visited, favicons (the  
favicon might contain a timestamp) and others. Different types of
historical data might be treated by a UA in different ways (expunged at  
different schedules for instance), so treating certificate data the same  
way as all the other types might not be possible.

I propose a rewrite and clarification of the paragraph, particularly with
the intention. As the paragraph stands now, a UA cannot let the user  
manually expunge certificate information only, as this would be in  
violation of the MUST NOT clause. Proposal follows:

"User agents SHOULD store the state of certificates that were previously  
encountered. Such state would typically include at least whether or not  
the certificate the site presented was valid, and may also include what  
the issues were with it (if any), protocol information, a fingerprint of  
the certificate and any other information for the purposes of evaluating  
security relevant changes of behavior. This information MUST be treated by  
the user agent under the same privacy and caching policies as other  
browsing history information, such as visit logs, timestamps in bookmarks,  
cookies, and information stored in the user agent cache."

-- 
Sigbjørn Vik
Quality Assurance
Opera Software

Received on Thursday, 4 September 2008 14:49:23 UTC
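The following is an added example, not code from the message above nor from Opera or the W3C working group. It sketches a per-site TLS state cache of the kind the proposed wording describes: each entry keeps whether the presented certificate validated, what the issues were, the negotiated protocol and a certificate fingerprint; a later visit is compared against the stored state to flag security-relevant changes of behaviour; entries are expunged on the same schedule as visit logs; and a user can expunge certificate information alone. All class, function and host names, the retention window and the "certificate" bytes are hypothetical and constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Sequence

# Hypothetical version ordering, used only to flag a downgrade between visits.
PROTOCOL_ORDER = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")


def protocol_rank(name: str) -> int:
    """Rank a protocol version; anything unknown ranks below all of them."""
    return PROTOCOL_ORDER.index(name) if name in PROTOCOL_ORDER else -1


@dataclass
class TlsObservation:
    """The per-site state the proposed wording asks a UA to keep."""
    host: str
    valid: bool              # did the presented chain validate?
    issues: Sequence[str]    # validation problems, empty when valid
    protocol: str            # negotiated protocol version
    fingerprint: str         # SHA-256 of the DER-encoded leaf certificate, hex
    last_seen: datetime      # timestamp that ties the entry to history retention


@dataclass
class TlsStateCache:
    """Per-site TLS state, expunged on the same schedule as visit logs."""
    history_retention: timedelta
    entries: Dict[str, TlsObservation] = field(default_factory=dict)

    def record(self, host: str, cert_der: bytes, valid: bool,
               issues: Sequence[str], protocol: str, now: datetime) -> List[str]:
        """Store this visit's TLS state and return the security-relevant
        changes relative to the previous visit (empty list if none)."""
        fingerprint = hashlib.sha256(cert_der).hexdigest()
        changes: List[str] = []
        prev = self.entries.get(host)
        if prev is not None:
            if prev.valid and not valid:
                changes.append(f"{host}: previously presented a validated "
                               f"certificate, now invalid ({', '.join(issues)})")
            if prev.fingerprint != fingerprint:
                changes.append(f"{host}: certificate changed "
                               f"({prev.fingerprint[:16]}.. -> {fingerprint[:16]}..)")
            if protocol_rank(protocol) < protocol_rank(prev.protocol):
                changes.append(f"{host}: protocol downgraded "
                               f"from {prev.protocol} to {protocol}")
        self.entries[host] = TlsObservation(host, valid, tuple(issues),
                                            protocol, fingerprint, now)
        return changes

    def expunge_with_history(self, now: datetime) -> List[str]:
        """Drop entries not seen within the retention window, i.e. on the
        same schedule the UA applies to its visit logs; returns hosts dropped."""
        cutoff = now - self.history_retention
        stale = [h for h, e in self.entries.items() if e.last_seen < cutoff]
        for host in stale:
            del self.entries[host]
        return stale

    def forget(self, host: str) -> bool:
        """User-initiated removal of certificate information alone, which the
        proposed wording permits but the original MUST NOT clause would not."""
        return self.entries.pop(host, None) is not None


def demo() -> dict:
    """Constructed scenario: a site goes from a validated certificate to an
    invalid, different one, then downgrades protocol, then ages out with
    history while a newer entry survives."""
    cache = TlsStateCache(history_retention=timedelta(days=90))  # hypothetical window
    t0 = datetime(2008, 9, 4)
    out = {}
    out["first"] = cache.record("example.com", b"constructed-cert-A", True, [], "TLSv1", t0)
    out["changed"] = cache.record("example.com", b"constructed-cert-B", False,
                                  ["hostname-mismatch"], "TLSv1", t0 + timedelta(days=1))
    out["downgrade"] = cache.record("example.com", b"constructed-cert-B", False,
                                    ["hostname-mismatch"], "SSLv3", t0 + timedelta(days=2))
    out["other"] = cache.record("other.example", b"constructed-cert-C", True, [],
                                "TLSv1.2", t0 + timedelta(days=95))
    out["expunged"] = cache.expunge_with_history(t0 + timedelta(days=100))
    out["remaining"] = sorted(cache.entries)
    out["forgot"] = cache.forget("other.example")
    out["forgot_again"] = cache.forget("other.example")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The comparison in `record` is where the stored state earns its keep: a site that previously presented a validated certificate and now presents an invalid one, a changed fingerprint, or a weaker protocol is exactly the "security relevant change of behavior" the wording refers to. Retention is driven by `last_seen` alone, so the entries disappear when the visit log for that period would, and `forget` shows the per-item deletion that the original MUST NOT clause would have ruled out.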