Action Item 18 - understand/visualize the strength of SSL

Action Item 18  - Formalize the need to be able to understand/visualize
the "strength" of SSL protection in place
<http://www.w3.org/2006/WSC/track/actions/18> 
 
The strength of SSL protection is based on a negotiated session between
a server and a user's browser. The SSL protocol provides mechanisms for
the server and browser to identify cipher suites that they have in
common and negotiate mutually acceptable ciphers. Configuration
settings may allow the use of different cipher suites that could
impact the actual strength of SSL. Many browsers use an on/off
presentation to display SSL noting that SSL is either protecting the
session or not. A binary representation of SSL (on/off) gives the user
the impression that each site that uses SSL provides an equal level of
protection.
 
Browsers should make use of SSL session information and present this
information in a way that depicts the actual strength of the SSL
connection. Ways to define strength could include the use of the latest
cipher suites and longest keys allowed.
 
Bill Doyle
wdoyle@mitre.org
732 578 6344
 

Received on Monday, 20 November 2006 19:54:09 UTC
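
An added example, not part of the original message: a graded indicator computed next to the on/off one, from the (name, protocol, secret_bits) tuple that Python's ssl.SSLSocket.cipher() returns for a negotiated session. The grade names, thresholds, weak-algorithm list and sample sessions are assumptions made for illustration; the message proposes no specific scale.

```python
import re

# Assumed grading policy for illustration; the message proposes no specific scale.
WEAK_TOKENS = {"NULL", "EXP", "EXPORT", "ANON", "ADH", "AECDH",
               "RC2", "RC4", "DES", "3DES", "MD5"}
PROTOCOL_RANK = {"SSLv2": 0, "SSLv3": 0, "TLSv1": 1, "TLSv1.1": 1,
                 "TLSv1.2": 2, "TLSv1.3": 2}
GRADES = ["weak", "moderate", "strong"]


def binary_indicator(cipher):
    """The on/off view: any negotiated session looks the same."""
    return "on" if cipher else "off"


def rate_session(cipher):
    """Grade a (name, protocol, secret_bits) tuple, the shape returned by
    ssl.SSLSocket.cipher(). Returns (grade, reasons)."""
    if not cipher:
        return "none", ["no SSL/TLS session negotiated"]
    name, protocol, bits = cipher
    grade, reasons = 2, []

    def cap(level, why):
        # Lower the grade to at most `level` and record the reason.
        nonlocal grade
        grade = min(grade, level)
        reasons.append(why)

    # Suite names use '-' (OpenSSL) or '_' (IANA) as separators.
    hits = sorted(WEAK_TOKENS & set(re.split(r"[-_]", name.upper())))
    if hits:
        cap(0, "weak algorithms in suite: " + ", ".join(hits))
    if bits < 112:
        cap(0, f"only {bits} secret bits")
    elif bits < 128:
        cap(1, f"{bits} secret bits")
    rank = PROTOCOL_RANK.get(protocol)
    if rank is None:
        cap(1, f"unrecognised protocol label {protocol!r}")
    elif rank < 2:
        cap(rank, f"old protocol version {protocol}")
    return GRADES[grade], reasons


# Constructed sample sessions, not captured from real connections.
SAMPLES = [None, ("EXP-RC4-MD5", "SSLv3", 40), ("AES128-SHA", "TLSv1", 128),
           ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256)]
```

The second and fourth samples both show "on" in the binary view but grade as "weak" and "strong" respectively, which is the gap the action item describes.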