ACTION-376: Rewrite 5.5.3 to be more explicit about history tracking

The current normative text in section 5.5.3 reads:

> Web user agents that have found a resource strongly TLS protected  
> during past interactions MUST consider an interaction with the same  
> resource as a change of security level if that interaction is not  
> strongly TLS protected. Web user agents that have found a resource  
> strongly TLS protected with an Augmented Assurance Certificate  
> SHOULD consider an interaction with the same resource as a change of  
> security level if that interaction is not strongly TLS protected   
> with an Augmented Assurance Certificate.

The concern I raised was that this seems to imply an obligation on  
user agents to store certificate history for an indeterminate period  
of time, and potentially independent of any privacy settings the agent  
might otherwise support.  For the purposes of addressing this concern,  
I think the text that is there is basically fine, but just needs to be  
elaborated on.  We want to say that we're not forcing the user agent  
to store this indefinitely, just that they keep it around *at least as  
long* as other history information.

I propose adding a new paragraph:

The requirements in this section do not require user agents to store  
information about past interactions longer than they otherwise would.   
Historical TLS information stored for the purposes of evaluating  
changes of security level MAY be expunged from the user agent on the  
same schedule as other browsing history information.  Historical TLS  
information MUST NOT be expunged prior to other browsing history  
information.

I believe this completes ACTION-376.

Cheers,

Johnathan

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com

Received on Friday, 15 February 2008 21:13:23 UTC
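
An added example, not part of the original message or of any user agent's code: a minimal history store that implements the section 5.5.3 checks together with the proposed retention paragraph by keeping the TLS information inside the browsing-history record itself. All class and method names, and the choice to remember the strongest level seen, are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class TlsLevel(IntEnum):
    NONE = 0       # not strongly TLS protected
    STRONG = 1     # strongly TLS protected
    STRONG_AA = 2  # strongly TLS protected with an Augmented Assurance Certificate


@dataclass
class HistoryEntry:
    last_visit: float   # time of the most recent interaction
    best_tls: TlsLevel  # strongest protection seen; stored in the history record itself


class BrowsingHistory:
    """Hypothetical history store; every name here is illustrative."""

    def __init__(self, retention_seconds: float):
        self.retention = retention_seconds
        self.entries = {}  # url -> HistoryEntry

    def expunge(self, now: float) -> None:
        # One schedule for both: a record and its TLS information expire together,
        # so TLS information is never dropped before the history it belongs to.
        self.entries = {url: e for url, e in self.entries.items()
                        if now - e.last_visit <= self.retention}

    def clear(self) -> None:
        # A user-initiated history wipe removes the TLS information as well.
        self.entries.clear()

    def visit(self, url: str, level: TlsLevel, now: float) -> Optional[str]:
        """Record an interaction; return 'MUST', 'SHOULD' or None for a change of security level."""
        self.expunge(now)
        prev = self.entries.get(url)
        verdict = None
        if prev is not None:
            if prev.best_tls >= TlsLevel.STRONG and level < TlsLevel.STRONG:
                verdict = "MUST"    # was strongly TLS protected, now is not
            elif prev.best_tls == TlsLevel.STRONG_AA and level < TlsLevel.STRONG_AA:
                verdict = "SHOULD"  # had an AA certificate, now does not
        # Assumption: keep the strongest level seen, so a downgrade does not erase itself.
        best = max(prev.best_tls, level) if prev is not None else level
        self.entries[url] = HistoryEntry(now, best)
        return verdict
```

Because the TLS level is a field of the history record, no code path can expunge it earlier than the visit it describes, and none keeps it after the history is gone.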