- From: Mary Ellen Zurko <mzurko@us.ibm.com>
- Date: Mon, 12 Apr 2010 14:02:44 -0400
- To: public-wsc-wg@w3.org
- Message-ID: <OF17031D37.5FBCB3C8-ON85257703.0062D8AF-85257703.0062F67A@LocalDomain>
Going once, going twice.... (anyone with any issues with the CR text and reasoning in this thread?) From: Joe Steele <steele@adobe.com> Date: Fri, 9 Apr 2010 10:33:13 -0700 To: Thomas Roessler <tlr@w3.org> CC: "ifette@google.com" <ifette@google.com>, Web Security Context Working Group WG <public-wsc-wg@w3.org> Message-ID: <6BBBE705-5FD5-4B51-9ACF-8FCFB1B6EF60@adobe.com> I am fine with the CR version of this text. On Apr 9, 2010, at 9:56 AM, Thomas Roessler wrote: > Ian Fette (イアンフェッティ) wrote: >> I am very unhappy about this. I personally think it would be confusing to >> users to see e.g. EV indication with an http URL. Users have no way of >> knowing what the heck is going on here with upgrade, and furthermore are >> likely to think they are secure when they just cut and paste in that URL >> (since the upgrade will start on server response, as opposed to the client >> expecting TLS/SSL from the start.) >> >> If a site wants to use upgrade for whatever reason, fine, but if they want >> the full SSL UI IMO they should instead do a >> >> HTTP/1.1 301 Moved Permanently >> Location: https://www.example.org/ >> >> I am not in favor of this change to WSC-UI, and think we should reject the >> proposal in [2] and instead leave the spec as it was. > > I can live with either following [2] or returning to the CR version on this > particular language. > > I will note that, during the call, we didn't consider the UI implications of > not having an https URI, so I'm in favor of discussing that aspect, even > though it (strictly speaking) implies reopening the issue. > > > >> Am 9. April 2010 08:22 schrieb Web Security Context Working Group Issue >> Tracker<sysbot+tracker@w3.org<sysbot%2Btracker@w3.org>>: >> >>> ISSUE-245: Do not require HTTPS URI for strong TLS protection >>> >>> http://www.w3.org/2006/WSC/track/issues/245 >>> >>> Raised by: Thomas Roessler >>> On product: >>> >>> In LC-2382 [1], it was noted that the definition of "strongly protected TLS >>> connections" required use of an HTTPS URI. For detailed discussion, see [2]. >>> >>> The WG decided during its call on 2010-03-31 [3] to accept the proposal in >>> [2]. >>> >>> 1. >>> http://www.w3.org/2006/02/lc-comments-tracker/39814/WD-wsc-ui-20100309/2382 >>> 2. http://lists.w3.org/Archives/Public/public-wsc-wg/2010Apr/0009.html >>> 3. http://www.w3.org/2010/03/31-wsc-minutes.html >>> >>> >>> >>> >> > >
Received on Monday, 12 April 2010 18:01:34 UTC