- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 27 Feb 2008 14:47:30 +0100
- To: tyler.close@hp.com
- Cc: WSC WG <public-wsc-wg@w3.org>
Section 9.2 - Use TLS for Login Pages - now reads as follows: Web pages MUST use TLS, or similar protection, to protect both the solicitation and transmission of secrets, such as passwords, against disclosure to unauthorized parties. -- http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#tls-login-pages Web Security Context: Experience, Indicators, and Trust Editor's Draft 27 February 2008 $Revision: 1.166 $ $Date: 2008/02/27 13:45:00 $ In the 5 February minutes, I also find the following remark from Tyler on IRC: An author MUST NOT create a web page served using TLS that includes other representations not served using at least that level of protection. From the minutes, I can't quite tell whether that's supposed to be an additional suggestion, or whether there was any agreement that something along these lines should be included. Tyler, any recollection? -- Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 27 February 2008 13:47:39 UTC