- From: Thomas Roessler <tlr@w3.org>
- Date: Mon, 5 Nov 2007 12:10:57 -0500
- To: WSC WG <public-wsc-wg@w3.org>
I've done some word-smithing on ISSUE-130 in the spirit of our discussion, and after looking at some of the MWBP material. Here it is: http://www.w3.org/2006/WSC/drafts/rec/#tls-across-devices Web content SHOULD be designed offer the same security user experience across different user agents and devices. Web site owners SHOULD perform tests of the TLS security and trust features of their site on various devices. Web site owners operating TLS-protected sites should anticipate the use of those sites from mobile devices which may have constrained capabilities, or diverging sets of trust anchors. These limitations can usually be addressed in ways that preserve security without hurting the user experience on either device. In particular, Web sites can often avoid designing to revert to an insecure state instead, blocking mobile access, or leaving trust decisions to the user. Thoughts? -- Thomas Roessler, W3C <tlr@w3.org>
Received on Monday, 5 November 2007 17:11:07 UTC