- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Mon, 18 Jun 2007 09:42:17 -0400
- To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Cc: W3C WSC W3C WSC Public <public-wsc-wg@w3.org>
Received on Monday, 18 June 2007 13:42:34 UTC
On 15-Jun-07, at 3:50 PM, Mary Ellen Zurko wrote: > "This recommendation applies to all web user agents capable of > supporting the relevant site-identity technologies (e.g. EV SSL > Certificates). " > Why can't it apply to all web user agents, since the combination of > a URL, browsing history, and the ability to name a site can also > provide an identity signal? If it's meant to be third party crypto > identity, that wasn't clear to me until later down. Perhaps that > should be spelled out? Or perhaps I'm still unclear on the scope. So, I would say it can apply to almost all user agents. The requirements/good practices section says that implementations "SHOULD rely on technologies which are accepted as industry standards of identification" of which EV is an example, but the applicability is only intended to mean that it applies to any user agent that can support an appropriate technology. A company building a stateless browser, for public web kiosks or something, which had no meaningful browser history and which, perhaps, had no crypto library, would be hard-pressed to provide a meaningful indicator. If that is unclear, I welcome suggested improvements. Maybe if I just take out the parenthetical in the applicability clause? Cheers, J --- Johnathan Nightingale Human Shield johnath@mozilla.com
Received on Monday, 18 June 2007 13:42:34 UTC