ISSUE-123: Safe Form Bar: HTTP assumptions in "no TLS" section [Techniques] from Web Security Context Working Group Issue Tracker on 2007-10-11 (public-wsc-wg@w3.org from October 2007)

From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Thu, 11 Oct 2007 10:21:07 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20071011102107.7C26AC6DB0@barney.w3.org>

ISSUE-123: Safe Form Bar: HTTP assumptions in "no TLS" section [Techniques]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Thomas Roessler
On product: Techniques

The current text assumes that there is always a meaningful interaction that can be described as "see if there's a secure version of this."  The text seems to assume that the form the editor bar is dealing with was retrieved by way of a GET request; in this event, the assumption probably (but not always) holds.

In case of POST, the assumption most of the time *won't* hold.

See also RFC 2616, safe vs unsafe.

Received on Thursday, 11 October 2007 10:21:16 UTC