- From: Ian Fette <ifette@google.com>
- Date: Tue, 13 May 2008 12:45:33 -0700
- To: "Serge Egelman" <egelman@cs.cmu.edu>
- Cc: "Web Security Context Working Group WG" <public-wsc-wg@w3.org>
- Message-ID: <bbeaa26f0805131245l51a09e4nf780ca4cd99707b7@mail.gmail.com>
We settled this in the f2f today. We basically ended up saying that the user interaction to dismiss the danger dialog/interstitial should be different than the one for dismissing a warning. I don't have the exact text, but the intent was to say that it's more severe and should not have the same interaction to dismiss. User agents MAY decide not to offer a click through, but that's left to the UA to decide.

-Ian

On Tue, May 13, 2008 at 8:55 AM, Serge Egelman <egelman@cs.cmu.edu> wrote:

> I would agree with this change. However, the difference should be that
> the DANGER message appears to be much more severe. Maybe also make it
> harder to override, but not impossible (e.g. clicking an option in
> preferences).
>
> serge
>
> Web Security Context Working Group Issue Tracker wrote:
> >
> > ISSUE-198 (Be the user's agent and do their bidding): 6.4.4 Danger
> > messages should not strictly forbid user agents from doing the user's
> > bidding [wsc-xit]
> >
> > http://www.w3.org/2006/WSC/track/issues/
> >
> > Raised by: Ian Fette
> > On product: wsc-xit
> >
> > Section 6.4.4 danger messages says "These interactions MUST be presented
> > in a way that makes it impossible for the user go to or interact with the
> > destination web site that caused the danger situation to occur." This is
> > unacceptable, as the user agent is precisely that - the user's agent. The
> > browser should never prevent the user from reaching the page that they wish.
> > It can warn users, but should always offer a way to proceed, even if this
> > includes some very longish set of steps to do so. At the end of the day
> > though, the user must be able to proceed.
> >
> > My suggested change: Change that text to say "These interactions MUST be
> > presented in a way that makes it impossible for the user go to or interact
> > with the destination web site that caused the danger situation to occur,
> > without first explicitly interacting with the Danger Message."
> >
> > I'm really having trouble reasoning if there should be a difference
> > between DANGER and WARNING at all. Perhaps the only difference is that the
> > text is harsher in DANGER messages?
> >
>
> --
> --
> /*
> PhD Candidate
> Carnegie Mellon University
>
> "Whoever said there's no such thing as a free lunch was never a grad
> student."
>
> All views contained in this message, either expressed or implied, are the
> views of my employer, and not my own.
> */

Received on Tuesday, 13 May 2008 19:46:18 UTC