- From: Yngve Nysaeter Pettersen <yngve@opera.com>
- Date: Wed, 29 Nov 2006 15:09:20 +0100
- To: public-wsc-wg@w3.org
Hello all,

I'm Yngve N. Pettersen, and I'm the lead developer at Opera Software in the networking and security area (HTTP, caching, cookies, TLS, encryption etc.), and I am also the head of our security group.

I have for some time followed standardization work in the IETF. More recently I have been involved in the CA Browser forum Extended Validation effort, as well as some work within the IETF to solve a security problem with cookie domains, as well as a number of other protocol issues in TLS and following the work on IDNA.

While I have not worked much with UI (I like working under the hood better than polishing the chrome), I am aware of the issues involving the presentation of security related information and options to the user and the potential problems with making security related decisions for the user, in particular when those decisions do not match what other alternative products do in the same situation.

I recently posted a few articles about some of the issues, primarily related to handling of websites using weak encryption, mixed security, or certificates issued by unknown authorities, and also explore the possible ways browsers can handle these situations. If you are interested, the most recent article is located at <URL: http://my.opera.com/yngve/blog/show.dml/461932 >.

One of the problems in the area may be showing too little information (in some cases) and too much (in other cases). We probably need to find a better balance between what decisions the user agent can make on their own (for example, to automatically refuse or accept sites with questionable security information) and when the user agent must ask the user, and in both cases how it is presented. Currently it is possible that we ask the user too often.

Another question is what, if anything, the client can do to discourage the user from submitting sensitive information to unauthorized websites, even when they are not on a list of known frauds.

I hope that this group can help resolve some of these and other related questions.

--
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************

Received on Thursday, 30 November 2006 00:50:28 UTC