ISSUE-145
WhatIsASecurePage not fully incorporated
- State:
- CLOSED
- Product:
- wsc-xit
- Raised by:
- Yngve Pettersen
- Opened on:
- 2007-12-17
- Description:
- This issue tracks the points raised in this message:
http://www.w3.org/mid/op.t225ya12qrq7tp@nimisha.oslo.opera.com
http://www.w3.org/2006/WSC/wiki/WhatIsASecurePage
AFAICT, the following recommendations are not yet in wsc-xit, or possibly not sufficiently covered.
#6/#16: all-EV site (or in new nomenclature: all-AA sites).
#12: Delayed security level change (mostly to upgrade security level, despite unsecure loading). May
be covered by current security level change language.
More radical proposals not included
#8: Forbid mixing of non-TLS-protected content in TLS-protected webpages
#10: Forbid unsecure->secure password submit by clients
#11: secure->Unsecure POST submits
#13: Treat https-part of URL as a security indicator (also, relevant in relation to "Chinese
whispers"-robustness, ACTION-347)
- Related Actions Items:
- No related actions
- Related emails:
- ISSUE-145 WhatIsASecurePage not fully incorporated (from Mary_Ellen_Zurko@notesdev.ibm.com on 2008-04-25)
- Re: ACTION-349: verify that normative material from WhatIsASecurePage was fully incorporated in wsc-xit (from tlr@w3.org on 2007-12-17)
- ISSUE-145: WhatIsASecurePage not fully incorporated [wsc-xit] (from sysbot+tracker@w3.org on 2007-12-17)
Related notes:
No additional notes.
Display change log