- From: Close, Tyler J. <tyler.close@hp.com>
- Date: Tue, 4 Mar 2008 21:55:01 +0000
- To: Thomas Roessler <tlr@w3.org>
- CC: WSC WG <public-wsc-wg@w3.org>
I'm not sure, but I think I typed that in while we were discussing HTTPS -> HTTP -> HTTPS redirects, thinking it might be a related piece of text we could agree on if we reached agreement on the redirect issue. --Tyler > -----Original Message----- > From: Thomas Roessler [mailto:tlr@w3.org] > Sent: Wednesday, February 27, 2008 5:48 AM > To: Close, Tyler J. > Cc: WSC WG > Subject: ACTION-386: Use TLS for Login Pages > > Section 9.2 - Use TLS for Login Pages - now reads as follows: > > Web pages MUST use TLS, or similar protection, to protect both the > solicitation and transmission of secrets, such as passwords, > against disclosure to unauthorized parties. > > -- > http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#tls-login-pages > Web Security Context: Experience, Indicators, and Trust > Editor's Draft 27 February 2008 > $Revision: 1.166 $ $Date: 2008/02/27 13:45:00 $ > > In the 5 February minutes, I also find the following remark from > Tyler on IRC: > > An author MUST NOT create a web page served using TLS that > includes other representations not served using at least that > level of protection. > > From the minutes, I can't quite tell whether that's supposed to be > an additional suggestion, or whether there was any agreement that > something along these lines should be included. > > Tyler, any recollection? > > -- > Thomas Roessler, W3C <tlr@w3.org> >
Received on Tuesday, 4 March 2008 21:56:07 UTC