Re: Opera's three security levels ACTION-23 from Thomas Roessler on 2006-11-17 (public-wsc-wg@w3.org from November 2006)

From: Thomas Roessler <tlr@w3.org>
Date: Fri, 17 Nov 2006 16:46:18 +0100
To: "Michael(tm) Smith" <mikes@opera.com>
Cc: public-wsc-wg@w3.org
Message-ID: <20061117154618.GZ2298@raktajino.does-not-exist.org>

This takes care of ACTION-23. Please remember to mention the number
of your action item when you write about it on the list.
-- 
Thomas Roessler, W3C  <tlr@w3.org>





On 2006-11-17 19:35:57 +0900, Michael(tm) Smith wrote:
> From: "Michael(tm) Smith" <mikes@opera.com>
> To: public-wsc-wg@w3.org
> Date: Fri, 17 Nov 2006 19:35:57 +0900
> Subject: Opera's three security levels
> List-Id: <public-wsc-wg.w3.org>
> X-Spam-Level: *
> X-Archived-At: http://www.w3.org/mid/20061117103556.GC4879@malware
> 
> Below is a message from Opera's Yngve Pettersen that describes the
> criteria that Opera browser uses for selecting the 1-3 number
> displayed within the padlock icon in Opera (to indicate the
> security level).
> 
> ----- Forwarded message from "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com> -----
> 
> Date: Thu, 16 Nov 2006 04:39:39 +0100
> To: "Michael(tm) Smith" <mikes@opera.com>
> Subject: Opera's 3 security levels
> From: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com>
> 
> Hi,
> 
> I see from the WSC minutes that you want this information:
> 
> Level 0: At least one resource was loaded from an uncrypted site, expect  
> for (Opera 8+) the first redirect as long as it is not a POST.
> 
> Level 1: Chosen for
> 
>   - 40 and 56 bit symmetric encryption (or below)
>   - anonymous ciphers
>   - authentication only.
>   - RSA/DH/DSA keys shorter than 900 bits (Opera 9+ can adjust this in  
>     jumps of 100 bits as needed).
>   - Certificate warnings
>   - SSL v2 (any cipher)
> 
> Level 2: RSA/DH/DSA keys between 900 (inclusive) and 1000 bits (not  
> inclusive)
> 
> Level 3:  requires all of these:
> 
>   - 128 bit and more symmetric (including 3DES),
>   - 1000 bit or more RSA/DH/DSA (will be upgraded to 1020 bit as soon as  
>     old RSA SSCA root has been phased out)
>   - Opera 9: No problems with OCSP validation (when used)
> 
> OCSP problems (except revocation) results in a one level down indication.
> 
> In Opera 9.10 no padlock is displayed for https pages that have level 2  
> (IIRC) or below.
> 
> In Opera 9.0x level 2 and below will show a partial lock (open in case of  
> mixed security) on grey background. Opera 8.x uses yellow background for  
> all levels for a https page.
> 
> -- 
> Sincerely,
> Yngve N. Pettersen
>  
> ********************************************************************
> Senior Developer                     Email: yngve@opera.com
> Opera Software ASA                   http://www.opera.com/
> Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
> ********************************************************************
> 
> ----- End forwarded message -----
> 
> -- 
> Michael(tm) Smith
> Opera Software, Tokyo
> xmpp:smith@sideshowbarker.net
> irc://irc.freenode.net/mobile-web

Received on Friday, 17 November 2006 16:40:15 UTC