- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Fri, 3 Oct 2008 14:41:01 -0400
- To: "Serge Egelman" <egelman@cs.cmu.edu>
- Cc: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>, public-wsc-wg@w3.org
- Message-Id: <3FA440AE-B0D2-4E09-BA4F-CB6E9BF61440@mozilla.com>
Microsoft are members of the CABForum and are actively discussing the question of including logotypes in the EV guidelines, based on a proposal from Phil. It's certainly true that the verification implications are steep, but then again there is no global, authoritative register of organization names, either. The degree to which implementors are comfortable with this, or any other piece of information, will mostly come down to, as you suggest: the confidence one has in the quality of the verification (be it Madrid protocol or other), and the degree to which the attesting CA is willing to assume liability for verification failures. Nevertheless, to answer Mez's question - Firefox doesn't implement this presently, and won't do so without a standard of identification that we support. While those discussions are happening, that puts it well out on our roadmap as well. Cheers, Johnathan On 3-Oct-08, at 2:27 PM, Serge Egelman wrote: > I obviously do not speak for Microsoft, but I have been told that > it's highly unlikely that IE would be implementing this. Phill and > anyone else involved in CAB Forum should be aware of Microsoft's > position: trademark is highly territorial and therefore cannot be > enforced globally. Creating a security indicator that assumes the > opposite will not be effective and creates many potential legal > problems for implementors. > > serge > > On Fri, Oct 3, 2008 at 11:14 AM, Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com > > wrote: > > But the main point is, in our Features at Risk table, no one is > implementing logotypes at all, in any form. While are necessary to > get them through CR. If no one implements them, they won't make it. > They're already a feature at risk. Does anyone think that they (or > anyone else) will be implementing them as an add on for our CR phase? > > Mez > > > > > From: "Hallam-Baker, Phillip" <pbaker@verisign.com> > To: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>, <public-wsc-wg@w3.org > > > Date: 10/01/2008 10:07 AM > Subject: RE: Pull the plug on logotypes? > > > > > I disagree that the audio interactions are an issue. > > The purpose of the logotype is to provide an immediately > recognizable subject identity, The standard subject field in the X. > 509 cert contains sufficient information to provide text-to speech > rendering of the subject identity. > > There may be secure chrome issues for voice browsers but they do not > have any connection to the logotypes issue since you wouldn't use > them. > > > > -----Original Message----- > From: public-wsc-wg-request@w3.org on behalf of Mary Ellen Zurko > Sent: Fri 9/26/2008 5:11 PM > To: public-wsc-wg@w3.org > Subject: Pull the plug on logotypes? > > None of our participating browsers are implementing them: > http://www.w3.org/2006/WSC/wiki/FeaturesAtRisk > > The audio interactions for accessibility are non trivial. > > We won't have worked examples to sanity check. > > I propose we remove them. > > Thoughts? > > > > > > > > > > > > > -- > /* > I am Serge Egelman and I approve this message. > > */ --- Johnathan Nightingale Human Shield johnath@mozilla.com
Received on Friday, 3 October 2008 18:41:46 UTC