- From: <michael.mccormick@wellsfargo.com>
- Date: Wed, 27 May 2009 17:06:19 -0500
- To: <tlr@w3.org>, <public-wsc-wg@w3.org>
I realize I'm beating a dead horse here, but: If WSC requires all content (not just top level document) to be DV secured when a DV signal is displayed, then it follows logically WSC should at least *recommend* all content be AA secured when the AA signal is displayed. I feel this question is relevant to action #585 because it goes to the heart of the question, "What does the AA indicator mean?" Thanks, Mike -----Original Message----- From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Thomas Roessler Sent: Wednesday, May 27, 2009 4:07 AM To: WSC WG public Subject: ACTION-585: Check on AA indicator This action went back to Anna Zhang's review of wsc-ui: She had noticed that section 5.3 [1] refers to an augmented assurance indicator that doesn't appear otherwise in the spec. While the indicator actually makes another appearance, that's in the security considerations piece [2], and doesn't help to address Anna's point. To address this point, I think the following things need to happen: - add a few words to 6.1.2 (identity signal content) that make it clear that AA-related signaling is subject to what 5.3 says. (In particular, you *can* show site identity information if an EV site mixes in non-EV, but DV, content.) - it's probably worthwhile to indicate the term "AA indicator" in 6.3, TLS indicator, as well. 1. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#securepage 2. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#security-considerations-ev-dv Regards, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 27 May 2009 22:07:01 UTC