- From: Mark Watson <watsonm@netflix.com>
- Date: Wed, 29 Apr 2015 08:41:34 -0700
- To: www-tag <www-tag@w3.org>
- Message-ID: <CAEnTvdCyqDqa+sfbm4m0qYY6RK5xLx6Ur2ryoPUu2OcJJvmzDQ@mail.gmail.com>
All, During some of the discussions about HTTPS, the point was raised that HTTPS gives you only an assurance about the identity of the site and the privacy of your communication with that site. It tells you nothing about the security and privacy properties of the site itself. It occurred to me that there are many third-party organizations, eTrust or any of the anti-virus people for example, that do aim to give users information about the security and privacy properties of sites (both positive and negative). But there is, as far as I know, no secure mechanism for these attestations to be presented to users: case-by-case policing of abuse of those logos / marks is the only defense. So my question is whether there is any ongoing work, or if it even makes sense, for UAs to play a role in secure delivery of such third-party attestations to users ? (I would expect it to be a long-term project - I'm not thinking about quick-fixes here). Thanks in advance, Mark
Received on Wednesday, 29 April 2015 15:42:02 UTC