- From: Doyle, Bill <wdoyle@mitre.org>
- Date: Mon, 20 Nov 2006 12:07:13 -0500
- To: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>, <mikes@opera.com>
- Cc: <public-wsc-wg@w3.org>
- Message-ID: <518C60F36D5DBC489E91563736BA4B5801250CA5@IMCSRV5.MITRE.ORG>
Mez,

Seems like the response from Michael ties into action item 18 that I am writing up.

I also felt that this topic could be expanded upon to discuss general protection mechanisms that are negotiated between the site and the browser including SSL (ciphers and key lengths), PKI Cert with some robustness standards that could be requested / applied.

Bill D.
wdoyle@mitre.org

________________________________

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Mary Ellen Zurko
Sent: Monday, November 20, 2006 11:51 AM
To: mikes@opera.com
Cc: public-wsc-wg@w3.org
Subject: Re: Opera's three security levels

Thanks. One thing that jumps out at me is that it's not clear what the user should and shouldn't do in situations where those various levels occur. Do you have any actionable advice to the user associated with these levels?

Mez

"Michael(tm) Smith" <mikes@opera.com>
Sent by: public-wsc-wg-request@w3.org
11/17/2006 05:35 AM

To public-wsc-wg@w3.org
cc
Subject Opera's three security levels

Below is a message from Opera's Yngve Pettersen that describes the criteria that Opera browser uses for selecting the 1-3 number displayed within the padlock icon in Opera (to indicate the security level).

----- Forwarded message from "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com> -----

Date: Thu, 16 Nov 2006 04:39:39 +0100
To: "Michael(tm) Smith" <mikes@opera.com>
Subject: Opera's 3 security levels
From: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com>

Hi,

I see from the WSC minutes that you want this information:

Level 0: At least one resource was loaded from an unencrypted site, except for (Opera 8+) the first redirect as long as it is not a POST.

Level 1: Chosen for

- 40 and 56 bit symmetric encryption (or below)
- anonymous ciphers
- authentication only.
- RSA/DH/DSA keys shorter than 900 bits (Opera 9+ can adjust this in jumps of 100 bits as needed).
- Certificate warnings
- SSL v2 (any cipher)

Level 2: RSA/DH/DSA keys between 900 (inclusive) and 1000 bits (not inclusive)

Level 3: requires all of these:

- 128 bit and more symmetric (including 3DES),
- 1000 bit or more RSA/DH/DSA (will be upgraded to 1020 bit as soon as old RSA SSCA root has been phased out)
- Opera 9: No problems with OCSP validation (when used)

OCSP problems (except revocation) result in a one level down indication.

In Opera 9.10 no padlock is displayed for https pages that have level 2 (IIRC) or below.

In Opera 9.0x level 2 and below will show a partial lock (open in case of mixed security) on grey background.

Opera 8.x uses yellow background for all levels for a https page.

--
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone: +47 24 16 42 60               Fax: +47 24 16 40 01
********************************************************************

----- End forwarded message -----

--
Michael(tm) Smith
Opera Software, Tokyo
xmpp:smith@sideshowbarker.net
irc://irc.freenode.net/mobile-web
Received on Monday, 20 November 2006 17:07:53 UTC
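
The level criteria listed in the forwarded message, written out as a classifier so the boundary cases can be checked. This is an added example, not Opera's code and not part of the original thread; the Conn field names, the placement of 57 to 127 bit ciphers at level 2, and the floor of 1 for the OCSP downgrade are assumptions the message does not state.

```python
from dataclasses import dataclass


@dataclass
class Conn:
    """Constructed model of one page load; all field names are assumptions."""
    symmetric_bits: int                 # nominal cipher key size (3DES counted as 168)
    key_bits: int                       # RSA/DH/DSA key size
    unencrypted_resource: bool = False  # after exempting the first non-POST redirect
    anonymous_cipher: bool = False
    auth_only: bool = False             # authentication-only suite, no encryption
    cert_warning: bool = False
    sslv2: bool = False
    ocsp_problem: bool = False          # OCSP failure other than revocation


def security_level(c: Conn) -> int:
    """Return the 0-3 level following the criteria in the message."""
    if c.unencrypted_resource:
        return 0
    weak = (c.symmetric_bits <= 56 or c.anonymous_cipher or c.auth_only
            or c.key_bits < 900 or c.cert_warning or c.sslv2)
    if weak:
        level = 1
    elif c.key_bits >= 1000 and c.symmetric_bits >= 128:
        level = 3
    else:
        # Keys of 900..999 bits are level 2 per the message. Ciphers of
        # 57..127 bits are not covered there; placing them here is an assumption.
        level = 2
    if c.ocsp_problem:
        level = max(level - 1, 1)       # "one level down"; the floor of 1 is an assumption
    return level


def padlock_shown_opera_910(level: int) -> bool:
    """Opera 9.10 shows no padlock at level 2 or below, per the message."""
    return level >= 3


if __name__ == "__main__":
    samples = {  # constructed inputs
        "AES-128, RSA-1024": Conn(128, 1024),
        "AES-128, RSA-960": Conn(128, 960),
        "DES-56, RSA-2048": Conn(56, 2048),
        "AES-128, RSA-2048, OCSP problem": Conn(128, 2048, ocsp_problem=True),
        "AES-128, RSA-2048, mixed content": Conn(128, 2048, unencrypted_resource=True),
    }
    for name, conn in samples.items():
        lvl = security_level(conn)
        print(f"{name}: level {lvl}, 9.10 padlock: {padlock_shown_opera_910(lvl)}")
```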