- From: Thomas Roessler <tlr@w3.org>
- Date: Mon, 30 Jul 2007 18:03:32 -0400
- To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Cc: public-wsc-wg@w3.org
On 2007-07-30 17:24:18 -0400, Mary Ellen Zurko wrote: > I'm unclear how this interacts with other proposals in terms of > inputting data (particularly login credentials) the first few > times I visit such a site. It sounds like the recommendation > would make them look totally unidentified. Is that right? Yes, similar to Phil's "no-interaction" proposal: http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/NoSecurityIndicator The additional idea in the self-signed certificate proposal is to actually turn on the indicators after a whlie, and maybe even warn (or block) if a self-signed certificate is changed. There would also be a block page if a user hits a site for which a CA has been used in the past, but for which he now encounters a self-signed certificate. > I think I'd need to consider this in the context of, say, > Identity Signal to understand the impact and implications. Indeed. -- Thomas Roessler, W3C <tlr@w3.org>
Received on Monday, 30 July 2007 22:03:41 UTC