Re: ISSUE-161: Be clearer about security indicator images [wsc-xit] from Serge Egelman on 2008-01-05 (public-wsc-wg@w3.org from January 2008)

From: Serge Egelman <egelman@cs.cmu.edu>
Date: Sat, 5 Jan 2008 05:46:30 -0500 (EST)
To: "Web Security Context Working Group WG" <public-wsc-wg@w3.org>
Message-ID: <50033.217.118.122.213.1199529990.squirrel@217.118.122.213>

> 
> ISSUE-161: Be clearer about security indicator images [wsc-xit]
> 
> http://www.w3.org/2006/WSC/track/issues/
> 
> Raised by: Mary Ellen Zurko On product: wsc-xit
> 
> 9.1
> 
> "trust indicating images" is way too general. Sites want to look
> trustworthy. If only behaving sites don't look trustworthy, only
> malicious sites will. My proposal:
> 
> Web pages MUST NOT include images used by widely deployed web user agents
> to represent specific security context states or values. For example,
> padlocks in the web content.
> 

But then aren't we still in the same place where "only behaving sites don't look trustworthy, only malicious sites will."  This would mean that only malicious sites will show padlocks in the content.


serge

Received on Saturday, 5 January 2008 10:46:34 UTC