ISSUE-203

securityconsiderations

Update Security Considerations

State:

CLOSED

Product:

wsc-xit

Raised by:

Thomas Roessler

Opened on:

2008-05-14

Description:

The security considerations section is very rudimentary. We'll want to make it more extensive before going to Last Call.

Specific questions that I would like us to cover:

- where do we currently rely on specific user behavior to guarantee security?
- where are we making protocol assumptions?
- where are we giving choices that are more or less secure?

Related Actions Items:

• ACTION-453 on Yngve Pettersen to Provide initial draft of security considerations for EV mixed with DV case - due 2008-05-30, closed
• ACTION-456 on Thomas Roessler to Say why validated certs are worthy of so much reliance, for security considerations - due 2008-06-06, closed
• ACTION-457 on Phillip Hallam-Baker to Give overview of why logotypes are interesting in security considerations section - due 2008-06-11, closed
• ACTION-458 on Anil Saldhana to Add a couple of sentences about what the security consideration section means - due 2008-06-20, closed

Related emails:

1. wsc-xit issues clean-up (from tlr@w3.org on 2008-08-21)
2. Meeting record: 2008-05-14 (from tlr@w3.org on 2008-06-06)
3. ISSUE-205 (OCSP Failure Risk): Add security consideration for OCSP failure (from sysbot+tracker@w3.org on 2008-05-14)
4. ISSUE-203 (securityconsiderations): Update Security Considerations [wsc-xit] (from sysbot+tracker@w3.org on 2008-05-14)

Related notes:

No additional notes.

Display change log