- From: Thomas Roessler <tlr@w3.org>
- Date: Mon, 20 Nov 2006 20:58:31 +0100
- To: "Doyle, Bill" <wdoyle@mitre.org>
- Cc: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>, public-wsc-wg@w3.org
For the benefit of tracker, ACTION-18. On 2006-11-20 14:53:46 -0500, Doyle, Bill wrote: > From: "Doyle, Bill" <wdoyle@mitre.org> > To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>, > public-wsc-wg@w3.org > Date: Mon, 20 Nov 2006 14:53:46 -0500 > Subject: Action Item 18 - understand/visualize the strength of SSL > List-Id: <public-wsc-wg.w3.org> > X-Spam-Level: > X-Archived-At: > http://www.w3.org/mid/518C60F36D5DBC489E91563736BA4B5801250CE0@IMCSRV5.MITRE.ORG > > Action Item 18 - Formalize the need to be able to understand/visualize > the "strength" of SSL protection in place > <http://www.w3.org/2006/WSC/track/actions/18> > > The strength of SSL protection is based on a negotiated session between > a server and a users browser. The SSL protocol provides mechanisms for > the server and browser to identify cipher suites that they have in > common and negotiate mutually acceptable ciphers. Configuration > settings may allow the use of different cipher suites that could > impacting the actual strength of SSL.. Many browsers use an on/off > presentation to display SSL noting that SSL is either protecting the > session or not. A binary representation of SSL (on/off) gives the user > the impression that each site that uses SSL provides an equal level of > protection. > > Browsers should make use of SSL session information and present this > information in a way that depicts the actual strength of the SSL > connection. Ways to define strength could include the use of the latest > cipher suites and longest keys allowed. > > Bill Doyle > wdoyle@mitre.org > 732 578 6344 > -- Thomas Roessler, W3C <tlr@w3.org>
Received on Monday, 20 November 2006 19:58:40 UTC