- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Tue, 09 Jan 2007 14:42:06 +0000
- To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
- Cc: W3 Work Group <public-wsc-wg@w3.org>
Hallam-Baker, Phillip wrote: > I think that this comes down to the poorly considered semantics of the padlock icon. "Its encrypted" vs "It safe". Tend to agree, but its easy for us to be wise after the fact of course. > I have no problem turning on SSL any time at all provided that the user is not given a false sense of security. Don't show the padlock, maybe warn if the user actually typed in https://. In this use case, the content is both encrypted and, "secure," for many reasonable definitions of secure. That does not mean that all content accessed via a TLS session that uses a self-signed cert is the same - but hey, that's the point of the use case! S.
Received on Tuesday, 9 January 2007 14:41:06 UTC