Re: Is the padlock a page security score?

Maybe there is an opportunity to associate "High/Medium/Low" or 
"Strong/Medium/Low" based on page security score with the padlock.

michael.mccormick@wellsfargo.com wrote:
> Sure, I agree the padlock is a binary representation of a boolean security
> score formula based on a single security variable (SSL on main page).  A
> degenerate case IMHO - but still technically a page security score.
>  
> A security score algorithm should take into account most (if not all) of the
> variables we enumerated under "What is a Secure Page?"  Perhaps the note
> should state that explicitly.  Then padlocks wouldn't qualify.
> 
>   _____  
> 
> From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
> Behalf Of Timothy Hahn
> Sent: Thursday, January 10, 2008 10:40 AM
> To: public-wsc-wg@w3.org
> Subject: Re: Is the padlock a page security score?
> 
> 
> 
> Mez, 
> 
> I'll toss in my view that the padlock is an example of a page security
> score.  In most user agents, this seems to be pretty much "binary" (on or
> off) though I think we've heard from some folks that there are some
> "embellishments" on their display of the icon which would provide more
> gradations based on information received. 
> 
> On the bright side of such a visible item - it is relatively easy to
> describe and for people to grasp the meaning of. 
> 
> On the down side of the padlock -  ... well, we've had lots of that
> discussion on this list already - see the archives. 
> 
> Regards, 
> Tim Hahn
> IBM Distinguished Engineer
> 
> Internet: hahnt@us.ibm.com
> Internal: Timothy Hahn/Durham/IBM@IBMUS
> phone: 919.224.1565     tie-line: 8/687.1565
> fax: 919.224.2530
> 
> 
> 
> 
> From: 	"Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com> 
> 
> To: 	public-wsc-wg@w3.org 
> 
> Date: 	01/10/2008 11:10 AM 
> 
> Subject: 	Is the padlock a page security score?
> 
>   _____  
> 
> 
> 
> 
> 
> If not, why not?
> 
>          Mez
> 
> 
> 
> 
> 

-- 
Anil Saldhana
Project/Technical Lead,
JBoss Security & Identity Management
JBoss, A division of Red Hat Inc.
http://labs.jboss.com/portal/jbosssecurity/

Received on Thursday, 10 January 2008 18:22:04 UTC