- From: Stuart E. Schechter <ses@ll.mit.edu>
- Date: Tue, 09 Jan 2007 10:21:05 -0500
- To: W3 Work Group <public-wsc-wg@w3.org>
- CC: Stephen Farrell <stephen.farrell@cs.tcd.ie>
> From: Stephen Farrell <stephen.farrell@cs.tcd.ie> >> I have no problem turning on SSL any time at all provided that the user is >> not given a false sense of security. Don't show the padlock, maybe warn if >> the user actually typed in https://. > > In this use case, the content is both encrypted and, "secure," > for many reasonable definitions of secure. "Secure" is a meaningless word unless you say what it is secure against. What is the threat model under which you would say this meets a definition of secure?
Received on Tuesday, 9 January 2007 15:23:47 UTC