Re: ISSUE-130 (Trust Anchors): Trust Anchor Consistency Across Devices? [Techniques]

Provided that it makes sense for the context. i.e. half of these
recommendations I think would be nightmarish on a mobile device if you just
take the desktop implementation and tried to use it with mobile. I think
consistency is good, but "making sense" on the native platform is certainly
going to have to be higher priority if we are to expect adoption.

On 10/15/07, Serge Egelman <egelman@cs.cmu.edu> wrote:
>
>
> I would certainly agree to this recommendation.
>
> serge
>
> Web Security Context Working Group Issue Tracker wrote:
> >
> > ISSUE-130 (Trust Anchors): Trust Anchor Consistency Across Devices?
> [Techniques]
> >
> > http://www.w3.org/2006/WSC/track/issues/
> >
> > Raised by: Luis Barriga
> > On product: Techniques
> >
> > At the f2f meeting I mentioned one of the findings on smart-phones: the
> pre-provisioned trust anchors in smartphones are disjoint from the ones in
> desktop browsers. The opposite is valid too.
> >
> > As a result, users visiting the one site on a smartphone and on a
> desktop browser will see TLS warnings that they has not seen previously when
> visiting the same site. (Trust is temporary unavailable)
> >
> > Shall we add a Deployment Best Practice 8.x section on "Trust Anchor
> Consistency across devices" that basically recommends browser vendors, phone
> manufacturers etc to have a consistent set of pre-provisioned trust anchors?
> >
> >
> >
> >
> >
> >
> >
>
> --
> /*
> Serge Egelman
>
> PhD Candidate
> Vice President for External Affairs, Graduate Student Assembly
> Carnegie Mellon University
>
> Legislative Concerns Chair
> National Association of Graduate-Professional Students
> */
>
>

Received on Monday, 15 October 2007 19:48:56 UTC