- From: David Woolley <forums@david-woolley.me.uk>
- Date: Wed, 31 Oct 2007 22:56:07 +0000
- To: 'WAI Interest Group list' <w3c-wai-ig@w3.org>
Joshue O Connor wrote:
> This area is very interesting. For example is security binary? Is
> something either completely secure or completely insecure? Are there
> grey areas where the connection may be partially secured and good enough
> to use but not *completely* secure and so on?
>
> To me it makes more sense for a user agent to be able to inform the user
> to what degree a connection is secure. The user agent could detect the
> encryption algorithm/key and inform the user if it is a high bit rate
> (128 +) or of a lower variety. Colour coding can be used to visually
> show the user however how is this information given to a screen reader user?

The most important security parameters aren't actually made available easily or at all to users using browsers in normal visual mode. To a large extent the key length is simply playing the numbers game.

The most important thing for an AT presenting a secure site is that it announce the domain name to the user, something which I suspect is normally suppressed as technical noise. Unfortunately, this basic check fails on many sites, and the use of https is smoke and mirrors because you are actually talking to a payment service site, which may be an unknown ISP.

If you want a quantification of security, more important than the key length is the root certificate used to sign the server certificate. Different root certificates, from the same certifier, represent different levels of authentication that the certifier really is dealing with the entity named in the certificate.

>
> NOTICE: The information contained in this email and any attachments
> is confidential and may be privileged. If you are not the intended

Really?

--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.
Received on Wednesday, 31 October 2007 22:56:19 UTC