Review of editor's draft

Here are my notes from my quick review, broken down by section.
Mostly minor nits.
Maybe this will get through - I have had two bounces so far. :-(


1 Overview
p2 -- reference to "identity information" -- can we have a more explicit reference here? See my 4.2 comment.
p3 -- " This document is intended to provide user interface guidelines, most sections"
-- should be reworded a little - either "This document is intended to provide user interface guidelines. Most sections"
Or "This document is intended to provide user interface guidelines, however most sections"

4.2 Terms and definitions
Should we add "identity information" to this list? With possibly a forward reference to "identity signal"

5.1.1 Interactively accepting trust anchors
p3 -- accepting trust anchors? really? I thought it was just end-entity certificates

5.1.2 Augmented Assurance Certificates
[Definition: augmented assurance qualified] -- not sure this paragraph really defines the phrase

5.1.3 Validated Certificates
Need to define here how "interactive acceptance" is different from "pinning"

5.2 Types of TLS
Definition of "strong TLS algorithms" should mention section 3.4 I think

5.3 Mixed Content
p5 is ambiguous -- should say something about the top level resource being protected with an AA certificate
And include a forward reference to 8.6

5.4.1 TLS errors
p5 -- "in a dialog and other secondary" should be "in a dialog or other secondary"

5.4.4 Insecure form submission
First sentence is incomplete "through strongly TLS-protected."
Either add "channels" or terminate the sentence earlier e.g. "Users interacting with a TLS-secured page are likely to develop the impression that information submitted during these interactions will be strongly TLS-protected."

6.3. TLS Indicator
p3 2nd sentence and p4 seem to be incompatible with 6.1.2 "Identity Signal Content" p5

7.4.1 Obscuring...
end of the sentence is garbled ("informatio") should be "information".

8.7 XMLHttpRequest reference links are broken

10 References

EFFECTIVE, KCM, PETNAMES, RFC2560 are not links -- any reason they should not be?

Enjoy!

Joe Steele

Received on Wednesday, 27 May 2009 14:39:52 UTC