- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Fri, 12 Sep 2008 12:28:37 -0400
- To: "Joe Steele <steele" <steele@adobe.com>
- Cc: public-wsc-wg@w3.org
- Message-ID: <OF425D7B55.0C507412-ON852574C2.005A7684-852574C2.005A8294@LocalDomain>
If this needs to be tracked, someone needs to create an issue. fyi.
Mez
From:
Joe Steele <steele@adobe.com>
To:
<public-wsc-wg@w3.org>
Date:
09/09/2008 02:27 PM
Subject:
ACTION-510 - Draft \"security state change needs to be in user's face\"
Sent by:
public-wsc-wg-request@w3.org
This action was added at the last meeting in response to the discussion
around ?finer grained origins? attacks. Here is a link to some research on
the problem: http://crypto.stanford.edu/websec/origins/fgo.pdf.
When the TLS-protected type for a new page refers to an origin for which
an existing TLS-protected page is already open, and the TLS-protected
types are different, we need to warn the user. I am not sure where the
best place to add this would be. Candidates are 5.4.1 (but this is not
really a TLS Error) or 6.1.2 (but that section does not talk about error
messages). I propose a new section -- 5.4.5.
Proposed text for Section 5.4.5 --
When the user is interacting with a TLS-secured page and another
TLS-secured page in the same origin is browsed to, the TLS protection type
may be different. The user agent MUST use error signalling of class
warning or higher (6.4.3 Warning/Caution Message, 6.4.4 Danger Messages)
in each of the following cases:
1. If one page is strongly TLS-protected with an AA certificate and
the other page does not use an AA certificate
2. If one page is strongly TLS-protected with a validated certificate
and the other page uses a pinned certificate
3. If one page is strongly TLS-protected and the other page is weakly
TLS-protected.
Joe Steele
Adobe Systems
Received on Friday, 12 September 2008 16:41:56 UTC