- From: <michael.mccormick@wellsfargo.com>
- Date: Sat, 9 Jun 2007 01:37:40 -0500
- To: <Mary_Ellen_Zurko@notesdev.ibm.com>
- Cc: <public-wsc-wg@w3.org>
- Message-ID: <8A794A6D6932D146B2949441ECFC9D68040A9F29@msgswbmnmsp17.wellsfargo.com>
Agreed. I have rewritten the Disruption section accordingly: http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/FavIcon Thanks, Mike _____ From: Mary Ellen Zurko [mailto:Mary_Ellen_Zurko@notesdev.ibm.com] Sent: Friday, June 08, 2007 7:23 AM To: McCormick, Mike Cc: public-wsc-wg@w3.org Subject: Re: ACTION-208: "Site Identifying Images in Chrome" display recommendation "This recommendation addresses the use of site identifying images (e.g., logos) in web agent chrome. Specific implementations addressed are favicons and certificate logos. The use of site identifying images within content (not in chrome) is out of scope. " Not out of scope for the WG. And indeed, the "what is a secure page" proposal deals with it. So those two aspects of these proposals should be aligned (merged up in the editor's draft). "For these reasons, favicon use on web sites requiring user trust should be considered a security anti-pattern. Favicons undermine the web security context display in two ways. First, they appear to provide security context but in reality do not. Second, they blur the distinction between chrome and content. " I think there's a more general statement hiding here. You give all the reasons that favicons are a problem. So that anything that had those attributes would be a problem. That more general recommendation should also be a part of this one. I do think there might be Disruptions in this proposal. The Disruptions section is supposed to be for disruptions caused by the proposal. Mez Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389) Lotus/WPLC Security Strategy and Patent Innovation Architect <michael.mccormick@wellsfargo.com> Sent by: public-wsc-wg-request@w3.org 05/19/2007 03:00 AM To <public-wsc-wg@w3.org> cc Subject ACTION-208: "Site Identifying Images in Chrome" display recommendation I drafted a display recommendation (using the template) that can be found at http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/FavIcon <http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/FavIcon> in satisfaction of my action item, which I propose can now be closed. Michael McCormick, CISSP Lead Architect, Information Security Technology Wells Fargo Bank 255 Second Avenue South MAC N9301-01J Minneapolis MN 55479 * 612-667-9227 (desk) * 612-667-7037 (fax) ( :-) michael.mccormick@wellsfargo.com (AIM) * 612-621-1318 (pager) * michael.mccormick@wellsfargo.com <mailto:michael.mccormick@wellsfargo.com> “THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF WELLS FARGO" This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
Received on Saturday, 9 June 2007 06:38:08 UTC