ACTION-18
Formalize the need to be able to understand/visualize the \"strength\" of SSL protection in place
- State:
- closed
- Person:
- Bill Doyle
- Due on:
- November 21, 2006
- Created on:
- November 14, 2006
- Related emails:
- Agenda, Wednesay, 23 May, WSC Call (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-05-22)
- Re: Agenda, 09 Jan, WSC Call (from tlr@w3.org on 2007-01-09)
- Agenda, 09 Jan, WSC Call (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-01-05)
- Agenda, 09 Jan, WSC Call (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-01-05)
- Minutes: WSC WG face-to-face 2006-11-14/15 (from tlr@w3.org on 2006-11-21)
- Re: Action Item 18 - understand/visualize the strength of SSL (from tlr@w3.org on 2006-11-20)
- Action items (from tlr@w3.org on 2006-11-17)
Related notes:
The strength of SSL protection is based on a negotiated session between a server and a users browser. The SSL protocol provides mechanisms for the server and browser to identify cipher suites that they have in common and negotiate mutually acceptable ciphers. Configuration settings may allow the use of different cipher suites that could impact the actual strength of SSL. Many browsers use an on/off presentation to display SSL noting that SSL is either protecting the session or not. A binary representation of SSL (on/off) gives the user the impression that each site that uses SSL provides an equal level of protection.
Display change log.