- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 29 Aug 2007 21:29:10 +0200
- To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>, public-wsc-wg@w3.org
On 2007-08-25 12:53:29 +0200, Thomas Roessler wrote: > http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#security-considerations > > On 2007-08-24 14:00:49 -0400, Mary Ellen Zurko wrote: > > > "except for the absence of a possibly positive indicator " > > > That was not at all my reading, and everything we know says that's a > > terrible idea. I had read the following lines as requiring some sort of > > indicator at all times in primary UI if any indicator was ever shown in > > primary UI: > > > "User interactions to access this identity signal MUST be consistent > > across all Web interactions, including interactions during which the Web > > user agent has no trustworthy information about the [[ identity ]] of the > > Web site that a user interacts with. In this case, user agents SHOULD > > indicate that no information is available. " > > It's (mostly) my bad wording in the security considerations section. > > Yet, the only protection the current approach leaves in place during > the first interaction with a TLS site is indeed the user noticing > that the identity signal looks fishy -- as there is not enough > information to trigger a change of security level at this point, and > an active attacker could show a self-signed certificate. I've corrected the wording to more accurately speak of "differences in a passive indicator." I've also added a short section to the security considerations to capture Ian's scary use case from the call last week, [1]. @@Web Security Context@@ Editor's Draft $Date: 2007/08/29 19:26:55 $ 1. http://www.w3.org/2007/08/22-wsc-minutes.html#item07 -- Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 29 August 2007 19:29:12 UTC