Re: ISSUE-236: Drop redirection chain section (5.4.3) [wsc-xit] from Mary Ellen Zurko on 2010-02-23 (public-wsc-wg@w3.org from February 2010)

From: Mary Ellen Zurko <mzurko@us.ibm.com>
Date: Tue, 23 Feb 2010 08:36:13 -0500
To: Web Security Context Working Group WG <public-wsc-wg@w3.org>
Message-ID: <OF3ED24EBB.A42CD909-ON852576D3.004A48E1-852576D3.004A949C@LocalDomain>

There is one alternative I can think of. I gather of the three browsers, 
only Opera does anything to try to give the user any indication that the 
security has been compromised. And that's to set the TLS indicator to some 
weaker level (in this case, to remove it). If it is an alternative to 1) 
change the text to that and 2) change it to MAY or SHOULD, I would support 
that. 

          Mez





From:   Web Security Context Working Group Issue Tracker 
<sysbot+tracker@w3.org>
To:     public-wsc-wg@w3.org
Date:   02/22/2010 06:05 PM
Subject:        ISSUE-236: Drop redirection chain section (5.4.3) 
[wsc-xit]
Sent by:        public-wsc-wg-request@w3.org




ISSUE-236: Drop redirection chain section (5.4.3) [wsc-xit]

http://www.w3.org/2006/WSC/track/issues/236

Raised by: Thomas Roessler
On product: wsc-xit

Based on lack of implementation, proposed: to drop the language in section 
5.4.3, on creating a warning when navigation between TLS-protected pages 
goes through an insecure intermediate state.

Received on Tuesday, 23 February 2010 13:35:14 UTC