- From: Joe Steele <steele@adobe.com>
- Date: Tue, 09 Sep 2008 11:31:13 -0700
- To: <public-wsc-wg@w3.org>
- Message-ID: <C4EC0F01.2A4E%steele@adobe.com>
This action was added at the last meeting in response to the discussion around ³finer grained origins² attacks. Here is a link to some research on the problem: http://crypto.stanford.edu/websec/origins/fgo.pdf. When the TLS-protected type for a new page refers to an origin for which an existing TLS-protected page is already open, and the TLS-protected types are different, we need to warn the user. I am not sure where the best place to add this would be. Candidates are 5.4.1 (but this is not really a TLS Error) or 6.1.2 (but that section does not talk about error messages). I propose a new section -- 5.4.5. Proposed text for Section 5.4.5 -- When the user is interacting with a TLS-secured page and another TLS-secured page in the same origin is browsed to, the TLS protection type may be different. The user agent MUST use error signalling of class warning or higher (6.4.3 Warning/Caution Message, 6.4.4 Danger Messages) in each of the following cases: 1. If one page is strongly TLS-protected with an AA certificate and the other page does not use an AA certificate 2. If one page is strongly TLS-protected with a validated certificate and the other page uses a pinned certificate 3. If one page is strongly TLS-protected and the other page is weakly TLS-protected. Joe Steele Adobe Systems
Received on Tuesday, 9 September 2008 18:31:56 UTC