RE: ACTION-318: Draft a new subsection to section 7 discussing the mixing of trusted/untrusted information in the UI from Dan Schutzer on 2007-12-14 (public-wsc-wg@w3.org from December 2007)

From: Dan Schutzer <dan.schutzer@fstc.org>
Date: Fri, 14 Dec 2007 15:06:59 -0500
To: "'Doyle, Bill'" <wdoyle@mitre.org>, <public-wsc-wg@w3.org>
Message-ID: <001501c83e8c$e355e560$6500a8c0@dschutzer>

I agree we should have section on trust with trust defined

  _____  

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Doyle, Bill
Sent: Friday, December 14, 2007 2:54 PM
To: public-wsc-wg@w3.org
Subject: ACTION-318: Draft a new subsection to section 7 discussing the
mixing of trusted/untrusted information in the UI

First - In order to draft this section I believe that WSC needs to define
trust. I looked around a bit - did not see anything.

Second - Once we have trust defined - what attributes of a HTTPs session are
considered trusted and available to be used in a secure section of UI?

>From what I can tell the only attributes that can be trusted in a standard
X.509 cert is CA related attributes. A user review of a standard X.509 certs
is required in order to be able to "trust" it.

Cheers

Bill D.

wdoyle@mitre.org

Received on Friday, 14 December 2007 20:07:26 UTC