Re: ISSUE-236: Drop redirection chain section (5.4.3) [wsc-xit]

After discussion and due consideration, I agree with dropping it. 

Though props to Opera for their implementation!

          Mez





From:   Mary Ellen Zurko/Westford/IBM@Lotus
To:     Web Security Context Working Group WG <public-wsc-wg@w3.org>
Date:   02/23/2010 08:35 AM
Subject:        Re: ISSUE-236: Drop redirection chain section (5.4.3) 
[wsc-xit]
Sent by:        public-wsc-wg-request@w3.org



There is one alternative I can think of. I gather of the three browsers, 
only Opera does anything to try to give the user any indication that the 
security has been compromised. And that's to set the TLS indicator to some 
weaker level (in this case, to remove it). If it is an alternative to 1) 
change the text to that and 2) change it to MAY or SHOULD, I would support 
that. 

          Mez





From:        Web Security Context Working Group Issue Tracker 
<sysbot+tracker@w3.org>
To:        public-wsc-wg@w3.org
Date:        02/22/2010 06:05 PM
Subject:        ISSUE-236: Drop redirection chain section (5.4.3) 
[wsc-xit]
Sent by:        public-wsc-wg-request@w3.org




ISSUE-236: Drop redirection chain section (5.4.3) [wsc-xit]

http://www.w3.org/2006/WSC/track/issues/236

Raised by: Thomas Roessler
On product: wsc-xit

Based on lack of implementation, proposed: to drop the language in section 
5.4.3, on creating a warning when navigation between TLS-protected pages 
goes through an insecure intermediate state.

Received on Friday, 26 February 2010 19:34:30 UTC