- From: Thomas Roessler <tlr@w3.org>
- Date: Mon, 17 Dec 2007 11:41:03 +0100
- To: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com>
- Cc: "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
I've aded ISSUE-145 on your behalf; it's copy & paste from this message. On 2007-12-09 22:00:00 +0100, Yngve N. Pettersen wrote: > From: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com> > To: "public-wsc-wg@w3.org" <public-wsc-wg@w3.org> > Date: Sun, 09 Dec 2007 22:00:00 +0100 > Subject: ACTION-349: verify that normative material from WhatIsASecurePage was fully incorporated in > wsc-xit > List-Id: <public-wsc-wg.w3.org> > X-Spam-Level: > Organization: Opera Software AS > Archived-At: <http://www.w3.org/mid/op.t225ya12qrq7tp@nimisha.oslo.opera.com> > X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.6 > > > Hello all, > > http://www.w3.org/2006/WSC/wiki/WhatIsASecurePage > > AFAICT, the following recommendations are not yet in wsc-xit, or possibly > not sufficiently covered. > > #6/#16: all-EV site (or in new nomenclature: all-AA sites). > > #12: Delayed security level change (mostly to upgrade security level, > despite unsecure loading). May be covered by current security level change > language. > > More radical proposals not included > > #8: Forbid mixing of non-TLS-protected content in TLS-protected webpages > > #10: Forbid unsecure->secure password submit by clients > > #11: secure->Unsecure POST submits > > #13: Treat https-part of URL as a security indicator (also, relevant in > relation to "Chinese whispers"-robustness, ACTION-347) > > -- > Sincerely, > Yngve N. Pettersen > > ******************************************************************** > Senior Developer Email: yngve@opera.com > Opera Software ASA http://www.opera.com/ > Phone: +47 24 16 42 60 Fax: +47 24 16 40 01 > ******************************************************************** > > -- Thomas Roessler, W3C <tlr@w3.org>
Received on Monday, 17 December 2007 10:41:22 UTC