- From: Mary Ellen Zurko <mzurko@us.ibm.com>
- Date: Fri, 2 Jan 2009 08:57:17 -0500
- To: "Thomas Roessler <tlr" <tlr@w3.org>
- Cc: WSC WG <public-wsc-wg@w3.org>
- Message-ID: <OF5ED66824.5E1F8622-ON85257532.004C6A9B-85257532.004CAE63@LocalDomain>
I like this proposal: > What protection level is represented by the [ref TLS indicator]; > If the Web page is [ref weakly] TLS-protected, then, what conditions > cause the protection to be weak (e.g., bad algorithms, mixed > content, ...) It seems straightforward; its meant to provide a more detailed explanation of the state shown to the user, should one be desired. What is the cause of your unhappiness (or lack of 100% joy)? From: Thomas Roessler <tlr@w3.org> To: WSC WG <public-wsc-wg@w3.org> Date: 12/22/2008 09:43 AM Subject: ACTION-538: Draft proposals for 6.2.G Sent by: public-wsc-wg-request@w3.org Section 6.2.G is the following piece of additional security information: > The information sources SHOULD make the following security context > information available: ... > Whether a Web page is TLS-protected, whether the protection is weak > or strong, and the reasons for the value of the protection According to the relevant minutes [1], I said on 24 October that I could see two different ways of going about this one. From the notes of the discussion, I think the choice was between the following two: > Whether a Web page is TLS-protected, and what strength this > protection has or: > What protection level is represented by the [ref TLS indicator]; > If the Web page is [ref weakly] TLS-protected, then, what conditions > cause the protection to be weak (e.g., bad algorithms, mixed > content, ...) I'm not 100% happy with this, and would appreciate feed-back. 1. http://lists.w3.org/Archives/Member/member-wsc-wg/2008Dec/0004.html -- Thomas Roessler, W3C <tlr@w3.org>
Received on Friday, 2 January 2009 13:58:13 UTC