- From: Ian Fette <ifette@google.com>
- Date: Mon, 15 Oct 2007 12:48:39 -0700
- To: "Serge Egelman" <egelman@cs.cmu.edu>
- Cc: "Web Security Context Working Group WG" <public-wsc-wg@w3.org>
- Message-ID: <bbeaa26f0710151248k604c123fw35780cf092258bf4@mail.gmail.com>
Provided that it makes sense for the context. i.e. half of these recommendations I think would be nightmarish on a mobile device if you just take the desktop implementation and tried to use it with mobile. I think consistency is good, but "making sense" on the native platform is certainly going to have to be higher priority if we are to expect adoption. On 10/15/07, Serge Egelman <egelman@cs.cmu.edu> wrote: > > > I would certainly agree to this recommendation. > > serge > > Web Security Context Working Group Issue Tracker wrote: > > > > ISSUE-130 (Trust Anchors): Trust Anchor Consistency Across Devices? > [Techniques] > > > > http://www.w3.org/2006/WSC/track/issues/ > > > > Raised by: Luis Barriga > > On product: Techniques > > > > At the f2f meeting I mentioned one of the findings on smart-phones: the > pre-provisioned trust anchors in smartphones are disjoint from the ones in > desktop browsers. The opposite is valid too. > > > > As a result, users visiting the one site on a smartphone and on a > desktop browser will see TLS warnings that they has not seen previously when > visiting the same site. (Trust is temporary unavailable) > > > > Shall we add a Deployment Best Practice 8.x section on "Trust Anchor > Consistency across devices" that basically recommends browser vendors, phone > manufacturers etc to have a consistent set of pre-provisioned trust anchors? > > > > > > > > > > > > > > > > -- > /* > Serge Egelman > > PhD Candidate > Vice President for External Affairs, Graduate Student Assembly > Carnegie Mellon University > > Legislative Concerns Chair > National Association of Graduate-Professional Students > */ > >
Received on Monday, 15 October 2007 19:48:56 UTC