ISSUE-136

Allow new established patterns to redefine what's expected in terms of strong TLS protection

State:
CLOSED
Product:
wsc-xit
Raised by:
Mary Ellen Zurko
Opened on:
2007-12-14
Description:
5.5.3

"Web user agents that have found a resource strongly TLS protected during past interactions MUST consider an interaction with the same resource as a change of security level if that interaction is not strongly TLS protected. "

I believe the "during past interactions" to be stronger than we intend. It seems to include a site that used to be strongly TLS protected long ago, changed over to a self signed cert, and even after the probation period. I would argue that a new pattern has been established by then, therefore there is no change in security level.
Related Actions Items:
No related actions
Related emails:
  1. ISSUE-136: Allow new established patterns to redefine what's expected in terms of strong TLS protection [wsc-xit] (from sysbot+tracker@w3.org on 2007-12-14)

Related notes:

Added as open issue in xit under Section 5.5.3 Change against historical practice

Anil Saldhana, 21 Jan 2008, 21:47:35

Display change log ATOM feed


Mary Ellen Zurko <mzurko@us.ibm.com>, Chair, Thomas Roessler <tlr@w3.org>, Staff Contact
Tracker (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 136.html,v 1.1 2010/10/11 09:35:06 dom Exp $