ACTION-318: Draft a new subsection to section 7 discussing the mixing of trusted/untrusted information in the UI from Doyle, Bill on 2007-12-14 (public-wsc-wg@w3.org from December 2007)

From: Doyle, Bill <wdoyle@mitre.org>
Date: Fri, 14 Dec 2007 14:54:21 -0500
To: <public-wsc-wg@w3.org>
Message-ID: <518C60F36D5DBC489E91563736BA4B5801CBA0C1@IMCSRV5.MITRE.ORG>

First - In order to draft this section I believe that WSC needs to
define trust. I looked around a bit - did not see anything.
 
Second - Once we have trust defined - what attributes of a HTTPs
session are considered trusted and available to be used in a secure
section of UI?
 
>From what I can tell the only attributes that can be trusted in a
standard X.509 cert is CA related attributes. A user review of a
standard X.509 certs is required in order to be able to "trust" it.
 
Cheers
 
Bill D.
wdoyle@mitre.org

Received on Friday, 14 December 2007 19:54:41 UTC