- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Thu, 10 Jan 2008 11:38:09 -0500
- To: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>
- Cc: public-wsc-wg@w3.org
Received on Thursday, 10 January 2008 16:38:28 UTC
On 10-Jan-08, at 11:05 AM, Mary Ellen Zurko wrote: > If not, why not? Not to speak for them, but my understanding of the page security score proposals from people like Mike M is that they are intended, as a primary design feature, to be aggregates of many dimensions of "security." In that vein, then, I wouldn't consider the padlock, which really just indicates the presence of a validated SSL connection, to be a page security score as described. Yes, establishing a connection as validated SSL requires multiple tests, but it's still really a single piece of context. Obviously there's been plenty of talk about various scoring algorithms, so someone could say "My algorithm is: 100 - Valid SSL connection, 0 - Everything else" but again, I don't think that accomplishes the aggregation that the requirement envisions. Cheers, J --- Johnathan Nightingale Human Shield johnath@mozilla.com
Received on Thursday, 10 January 2008 16:38:28 UTC