ISSUE-136
Allow new established patterns to redefine what's expected in terms of strong TLS protection
- State:
- CLOSED
- Product:
- wsc-xit
- Raised by:
- Mary Ellen Zurko
- Opened on:
- 2007-12-14
- Description:
- 5.5.3
"Web user agents that have found a resource strongly TLS protected during past interactions MUST consider an interaction with the same resource as a change of security level if that interaction is not strongly TLS protected. "
I believe the "during past interactions" to be stronger than we intend. It seems to include a site that used to be strongly TLS protected long ago, changed over to a self signed cert, and even after the probation period. I would argue that a new pattern has been established by then, therefore there is no change in security level.
- Related Actions Items:
- No related actions
- Related emails:
- ISSUE-136: Allow new established patterns to redefine what's expected in terms of strong TLS protection [wsc-xit] (from sysbot+tracker@w3.org on 2007-12-14)
Related notes:
Added as open issue in xit under Section 5.5.3 Change against historical practice
Anil Saldhana, 21 Jan 2008, 21:47:35Display change log