Re: Fw: Don't favour https ( LC-2382) from イアンフェッティ on 2010-04-23 (public-wsc-wg@w3.org from April 2010)

From: イアンフェッティ <ifette@google.com>
Date: Fri, 23 Apr 2010 15:45:21 -0700
To: Mary Ellen Zurko <mzurko@us.ibm.com>
Cc: public-wsc-wg@w3.org
Message-ID: <s2kbbeaa26f1004231545x6e0e707ao7310953c08d7299b@mail.gmail.com>

Let him formally object. It's not going to change what any of the browsers
do.

Am 23. April 2010 15:30 schrieb Mary Ellen Zurko <mzurko@us.ibm.com>:

> fyi. We seem to have a philosophical divide on this question (at least that
> is my first reaction). It seems that existing web architecture documents do
> not address the topic of user interface and user understanding implications
> at all (perhaps someone can correct me on that). This seems to be in part
> what the new web science notion is about; build an understanding of humans
> into the overall model. It's not clear to me that we actually have an
> architecture today that maps to the architectural model of AWWW
> (Architecture of the World Wide Web), as I don't know where the security
> characteristics otherwise are or would be. So a spec that articulates
> current best practice would of necessity be at odds with a model that was
> not fully realized.
>
> It's always hard to know which items one should "go to the mat" on.
>
>           Mez
>
>
> ----- Forwarded by Mary Ellen Zurko/Westford/IBM on 04/23/2010 06:16 PM
> -----
>
> From:        Krzysztof Maczyński <1981km@gmail.com>
> To:        <mzurko@us.ibm.com>
> Cc:        <public-usable-authentication@w3.org>
> Date:        04/23/2010 10:12 AM
> Subject:        Re: Don't favour https ( LC-2382)
> Sent by:        public-usable-authentication-request@w3.org
> ------------------------------
>
>
>
> > It would be confusing to
> > users to see an indication of TLS security, such as augmented assurance
> > (such as with EV) certificates, and an http: URI.
> This is based on a misunderstanding about URIs. They identify resources,
> not characteristics of access to those resources (such as security). AWWW
> and other documents are clear on this. Existing confusion in some users
> should be rectified, not entrenched, lest I formally object. My request that
> the spec doesn't go for the latter (specifically, removing "an https URL was
> used" from the definition would resolve the issue) still stands.
>
> Best regards,
>
> Krzysztof Maczyński
> Invited Expert, HTML WG
>
>
>

Received on Friday, 23 April 2010 22:45:51 UTC