Re: Is the padlock a page security score? from Ian Fette on 2008-01-10 (public-wsc-wg@w3.org from January 2008)

From: Ian Fette <ifette@google.com>
Date: Thu, 10 Jan 2008 10:25:48 -0800
To: "Anil Saldhana" <Anil.Saldhana@redhat.com>
Cc: michael.mccormick@wellsfargo.com, hahnt@us.ibm.com, public-wsc-wg@w3.org, Mary_Ellen_Zurko@notesdev.ibm.com
Message-ID: <bbeaa26f0801101025l2440147eycfc947af1513c0db@mail.gmail.com>

I still don't understand what anything beyond a binary result is supposed to
tell a user. I'm on a site with "Medium" security - what does that mean?
Does that mean that I should give them my credit card or not?

On Jan 10, 2008 10:00 AM, Anil Saldhana <Anil.Saldhana@redhat.com> wrote:

>
> Maybe there is an opportunity to associate "High/Medium/Low" or
> "Strong/Medium/Low" based on page security score with the padlock.
>
> michael.mccormick@wellsfargo.com wrote:
> > Sure, I agree the padlock is a binary representation of a boolean
> security
> > score formula based on a single security variable (SSL on main page).  A
> > degenerate case IMHO - but still technically a page security score.
> >
> > A security score algorithm should take into account most (if not all) of
> the
> > variables we enumerated under "What is a Secure Page?"  Perhaps the note
> > should state that explicitly.  Then padlocks wouldn't qualify.
> >
> >   _____
> >
> > From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org]
> On
> > Behalf Of Timothy Hahn
> > Sent: Thursday, January 10, 2008 10:40 AM
> > To: public-wsc-wg@w3.org
> > Subject: Re: Is the padlock a page security score?
> >
> >
> >
> > Mez,
> >
> > I'll toss in my view that the padlock is an example of a page security
> > score.  In most user agents, this seems to be pretty much "binary" (on
> or
> > off) though I think we've heard from some folks that there are some
> > "embellishments" on their display of the icon which would provide more
> > gradations based on information received.
> >
> > On the bright side of such a visible item - it is relatively easy to
> > describe and for people to grasp the meaning of.
> >
> > On the down side of the padlock -  ... well, we've had lots of that
> > discussion on this list already - see the archives.
> >
> > Regards,
> > Tim Hahn
> > IBM Distinguished Engineer
> >
> > Internet: hahnt@us.ibm.com
> > Internal: Timothy Hahn/Durham/IBM@IBMUS
> > phone: 919.224.1565     tie-line: 8/687.1565
> > fax: 919.224.2530
> >
> >
> >
> >
> > From:         "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>
> >
> > To:   public-wsc-wg@w3.org
> >
> > Date:         01/10/2008 11:10 AM
> >
> > Subject:      Is the padlock a page security score?
> >
> >   _____
> >
> >
> >
> >
> >
> > If not, why not?
> >
> >          Mez
> >
> >
> >
> >
> >
>
> --
> Anil Saldhana
> Project/Technical Lead,
> JBoss Security & Identity Management
> JBoss, A division of Red Hat Inc.
> http://labs.jboss.com/portal/jbosssecurity/
>
>

Received on Thursday, 10 January 2008 18:26:10 UTC