- From: <michael.mccormick@wellsfargo.com>
- Date: Thu, 10 Jan 2008 12:39:54 -0600
- To: <beltzner@mozilla.com>
- Cc: <ifette@google.com>, <Anil.Saldhana@redhat.com>, <hahnt@us.ibm.com>, <public-wsc-wg@w3.org>, <Mary_Ellen_Zurko@notesdev.ibm.com>
I agree. But the more variables the security indicator takes into account, the more helpful it becomes for users making trust decisions. -----Original Message----- From: Mike Beltzner [mailto:beltzner@mozilla.com] Sent: Thursday, January 10, 2008 12:35 PM To: McCormick, Mike Cc: ifette@google.com; Anil.Saldhana@redhat.com; hahnt@us.ibm.com; public-wsc-wg@w3.org; Mary_Ellen_Zurko@notesdev.ibm.com Subject: Re: Is the padlock a page security score? michael.mccormick@wellsfargo.com wrote: > I would ask the same question about a binary indicator. The padlock > does not mean it's safe to enter a credit card. That is a problem with what the padlock indicates, not with the fact that it's a binary indicator. There is nothing that we can ever do to assure that it's "safe" to enter a credit card number - even if we can verify the identity of the endpoint, and the encryption on the wire, and that the endpoint has a BBB rating, it's entirely possible that there's someone who's installed a backdoor to their database system. cheers, mike
Received on Thursday, 10 January 2008 18:40:08 UTC