- From: <michael.mccormick@wellsfargo.com>
- Date: Thu, 10 Jan 2008 11:30:11 -0600
- To: <hahnt@us.ibm.com>, <public-wsc-wg@w3.org>
- Cc: <Mary_Ellen_Zurko@notesdev.ibm.com>
- Message-ID: <9D471E876696BE4DA103E939AE64164DB43284@msgswbmnmsp17.wellsfargo.com>
Sure, I agree the padlock is a binary representation of a boolean security
score formula based on a single security variable (SSL on main page). A
degenerate case IMHO - but still technically a page security score.
A security score algorithm should take into account most (if not all) of the
variables we enumerated under "What is a Secure Page?" Perhaps the note
should state that explicitly. Then padlocks wouldn't qualify.
_____
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Timothy Hahn
Sent: Thursday, January 10, 2008 10:40 AM
To: public-wsc-wg@w3.org
Subject: Re: Is the padlock a page security score?
Mez,
I'll toss in my view that the padlock is an example of a page security
score. In most user agents, this seems to be pretty much "binary" (on or
off) though I think we've heard from some folks that there are some
"embellishments" on their display of the icon which would provide more
gradations based on information received.
On the bright side of such a visible item - it is relatively easy to
describe and for people to grasp the meaning of.
On the down side of the padlock - ... well, we've had lots of that
discussion on this list already - see the archives.
Regards,
Tim Hahn
IBM Distinguished Engineer
Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565 tie-line: 8/687.1565
fax: 919.224.2530
From: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>
To: public-wsc-wg@w3.org
Date: 01/10/2008 11:10 AM
Subject: Is the padlock a page security score?
_____
If not, why not?
Mez
Received on Thursday, 10 January 2008 17:35:50 UTC