- From: Thomas Roessler <tlr@w3.org>
- Date: Fri, 14 Mar 2008 18:40:57 +0100
- To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>, public-wsc-wg@w3.org
On 2008-03-08 14:17:28 +0100, Thomas Roessler wrote: > During interactions with a Web page for which any of the > resources involved was retrieved through a weakly > TLS-protected or unprotected transaction, the identity > signal MUST NOT include any positive trust indicators > exceeding those in use for unprotected HTTP transactions. In > this situation, the identity signal MAY include indicators > that point out any error conditions that occurred. > > This moves away a little bit from the consistency notion, and also > keeps the door open for some more error signalling. Let me know > what you think. Changed this just say "mixed content", with a reference to the definition of that term. I'm still not 100% satisfied with the outcome, as it doesn't yet capture the notion that some weakly protected stuff should not generate obnoxious warnings. -- Thomas Roessler, W3C <tlr@w3.org>
Received on Friday, 14 March 2008 17:41:31 UTC