- From: <michael.mccormick@wellsfargo.com>
- Date: Mon, 23 Apr 2007 17:41:17 -0500
- To: <Mary_Ellen_Zurko@notesdev.ibm.com>
- Cc: <public-wsc-wg@w3.org>
- Message-ID: <8A794A6D6932D146B2949441ECFC9D6802B4D3BA@msgswbmnmsp17.wellsfargo.com>
After review of the 4-4-07 minutes, it's clear to me now that I cannot satisfy ACTION-182 with the FSTC recommendations. Nonetheless, Dan Schutzer has kindly agreed to submit the subset of FSTC's suggested browser enhancements that are most applicable to WSC. It appears ACTION-182 stems from my Lightning Discussion on 4 April about the cryptic IE6 browser errors that I received when I encountered a self-signed SSL certificate at the www.x9.org web site. According to my notes, as well as the official meeting notes from Thomas, we had a lively discussion about the security anti patterns implied by such browser error messages. In particular I captured the following possible anti patterns in my notes: 1. Use of technical jargon containing terms with which the average layperson is not familiar. 2. Providing a web site's URL as the only contact info for it. (creates "catch-22" dilemma for user) 3. Actions suggested can't really be carried out. 4. Consequences or risks of user actions not explained. These are the [anti-]recommendations I propose we adopt. Anticipating comment, I haven't yet updated the wiki. Cheers Mike _____ From: McCormick, Mike Sent: Monday, April 23, 2007 9:45 AM To: 'Mary Ellen Zurko' Cc: public-wsc-wg@w3.org Subject: RE: ACTION-182 I'm discussing next steps with Chuck Wade and Dan Schutzer. Thanks, Mike _____ From: Mary Ellen Zurko [mailto:Mary_Ellen_Zurko@notesdev.ibm.com] Sent: Friday, April 20, 2007 4:22 PM To: McCormick, Mike Cc: public-wsc-wg@w3.org Subject: Re: ACTION-182 Hi Michale, The action includes extracting a draft of the related recommendations and putting it into the wiki. The FSTC browser document can't be that (as was pointed out, I think by Chuck, during our last call). The only way not to lose the content of the discussion is for you to draft some recommendations for us. Mez Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389) Lotus/WPLC Security Strategy and Patent Innovation Architect <michael.mccormick@wellsfargo.com> Sent by: public-wsc-wg-request@w3.org 04/20/2007 04:20 PM To <tlr@w3.org> cc <public-wsc-wg@w3.org> Subject ACTION-182 I believe this action can be closed since I facilitated a discussion of TLS issues during a Lighting Round on 11 April plus I posted FSTC browser enhancements (including TLS recommendations) to the Recommendations page on 3 April. Thanks, Mike Michael McCormick, CISSP Lead Architect, Information Security Technology Wells Fargo Bank 255 Second Avenue South MAC N9301-01J Minneapolis MN 55479 * 612-667-9227 (desk) * 612-667-7037 (fax) ( 612-590-1437 (cell) :-) michael.mccormick@wellsfargo.com (AIM) * 612-621-1318 (pager) * michael.mccormick@wellsfargo.com <mailto:michael.mccormick@wellsfargo.com> “THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF WELLS FARGO" This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
Received on Monday, 23 April 2007 22:41:35 UTC