Draft implementation report for Web Security Context: UI Guidelines

Author

Mary Ellen Zurko <mzurko@us.ibm.com>
Thomas Roessler <tlr@w3.org>

Date

April 9, 2010

This document is a preliminary implementation report against the current editor’s draft at /2006/WSC/drafts/rec/rewrite.html

Basic and advanced conformance are defined as in the document's conformance section.

Conformance Statements

Opera

Whether basic or advanced conformance is claimed (see 3.3 Conformance levels)

Basic

What TLS [SSLv3][TLSv11][TLSv12] protocol versions and algorithms are considered as strong TLS algorithms, and what protocol versions and algorithms are supported in TLS negotiation, but not considered strong.

Supported algorithms: AES 128/256, 3DES, RC4, MD5, SHA-1, SHA-256, SHA-512. 10.x supports SSL v3, TLS 1.0, TLS 1.1 and TLS 1.2, all currently considered strong. This version does not support by default any methods we currently consider inherently weak. There is no support for SSL v2, 40-bit or 56-bit ciphers. It is possible to enable support for anonymous DH and the authentication-only ciphers, but these always trigger a warning to the user. We *do* consider RSA, DH and DSA keys shorter than 1000 bits to be weak, and below 900 bits we issue a warning.

In 10.x we have auto-updatable preferences that can trigger warnings for MD5 and SHA-1 in certificates, or disable support completely. The same exists for SSL v3.

What user interface element is the TLS indicator defined in this specification.

padlock in the address bar

What user interface element is the identity signal defined in this specification.

location bar with extra area on the right

What broadly accepted practices are considered sufficient for a trust anchor to be deemed augmented assurance qualified (see 5.1.2 Augmented Assurance Certificates), and what data elements are deemed assured by those certificates.

Extended Validation is the only currently supported AA cert scheme. These are recognized based on certificate policy identifiers coded in the certificate chain, and are only accepted if the Root certificate is associated with the same OID (digitally signed information about this association is downloaded regularly from an online repository).
O= and C= are deemed assured by those certificates.

What features beyond the claimed conformance level the user agent conforms with.

See table below.
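
The EV recognition rule in the Opera statement above (a policy identifier in the certificate chain, accepted only if the root is associated with the same OID), sketched as an added example; this is not Opera's code. The OIDs, fingerprints, the `EV_ROOTS` table and the treatment of intermediates (EV OID or anyPolicy) are assumptions made for illustration.

```python
# Added illustration, not Opera's code. OIDs and fingerprints are constructed.
from dataclasses import dataclass, field

ANY_POLICY = "2.5.29.32.0"  # X.509 anyPolicy OID (RFC 5280)

@dataclass
class Cert:
    subject: str
    fingerprint: str
    policy_oids: set = field(default_factory=set)

# Hypothetical stand-in for the signed root-to-OID association data that the
# statement says is downloaded regularly from an online repository.
EV_ROOTS = {
    "fp-root-a": "1.3.6.1.4.1.99999.1.1",
    "fp-root-b": "1.3.6.1.4.1.99999.2.1",
}

def ev_status(chain, ev_roots=EV_ROOTS):
    """chain is leaf-first and ends at the root. Returns (is_ev, reason)."""
    if len(chain) < 2:
        return False, "chain has no separate root"
    leaf, *intermediates, root = chain
    ev_oid = ev_roots.get(root.fingerprint)
    if ev_oid is None:
        return False, "root is not associated with any EV policy OID"
    # The leaf must name the OID explicitly; anyPolicy is not enough here.
    if ev_oid not in leaf.policy_oids:
        return False, "leaf does not assert the root's EV policy OID"
    for ca in intermediates:
        # Assumption: an intermediate may carry the EV OID or anyPolicy.
        if not ({ev_oid, ANY_POLICY} & ca.policy_oids):
            return False, f"intermediate '{ca.subject}' breaks the policy chain"
    return True, f"EV under policy {ev_oid}"

# Constructed sample chains.
LEAF_A = Cert("O=Example Corp, C=NO", "fp-leaf", {"1.3.6.1.4.1.99999.1.1"})
ISSUING_CA = Cert("Example Issuing CA", "fp-int", {ANY_POLICY})
ROOT_A = Cert("Example Root A", "fp-root-a")
ROOT_B = Cert("Example Root B", "fp-root-b")

GOOD_CHAIN = [LEAF_A, ISSUING_CA, ROOT_A]
# Same leaf, but chaining to a root associated with a different EV OID.
WRONG_ROOT_CHAIN = [LEAF_A, ISSUING_CA, ROOT_B]
```

The second chain is the case the association requirement exists for: the leaf asserts an EV policy OID, but the root it chains to is tied to a different one, so the result is not EV.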

Google Chrome 5

Whether basic or advanced conformance is claimed (see 3.3 Conformance levels)

Basic

What TLS [SSLv3][TLSv11][TLSv12] protocol versions and algorithms are considered as strong TLS algorithms, and what protocol versions and algorithms are supported in TLS negotiation, but not considered strong.

On Linux, we enable only cipher suites with keys of at least 80 bits. On Windows, we share system-wide SSL settings for supported cipher suites, and explicitly disable SSLv2 and MD2 and MD4 on certificate signatures. We don’t have anything we accept but consider “weak”.

What user interface element is the TLS indicator defined in this specification.

The padlock in the address bar

What user interface element is the identity signal defined in this specification.

The location bar with the extra indicator information

What broadly accepted practices are considered sufficient for a trust anchor to be deemed augmented assurance qualified (see 5.1.2 Augmented Assurance Certificates), and what data elements are deemed assured by those certificates.

WebTrust EV audit, in accordance with CA/B Forum EV guidelines.
O= and C= are deemed assured by those certificates.

What features beyond the claimed conformance level the user agent conforms with.

See table below.

Firefox 3.6

Whether basic or advanced conformance is claimed (see 3.3 Conformance levels)

Advanced

What TLS [SSLv3][TLSv11][TLSv12] protocol versions and algorithms are considered as strong TLS algorithms, and what protocol versions and algorithms are supported in TLS negotiation, but not considered strong.

http://www.mozilla.org/projects/security/pki/nss/nss-3.11/nss-3.11-algorithms.html contains a list of all supported algorithms. Symmetric keys smaller than 90 bits and RSA moduli < 768 bits are currently regarded as weak.

What user interface element is the TLS indicator defined in this specification.

The padlock in the lower right corner

What user interface element is the identity signal defined in this specification.

The location bar and the area to the left of it.

What broadly accepted practices are considered sufficient for a trust anchor to be deemed augmented assurance qualified (see 5.1.2 Augmented Assurance Certificates), and what data elements are deemed assured by those certificates.

http://www.mozilla.org/projects/security/certs/policy/
O= and C= are deemed assured by those certificates.

What features beyond the claimed conformance level the user agent conforms with.

See table below.

Overview table of supported features

| WSC Clause | Opera | Chrome | Firefox |
|---|---|---|---|
| I | Conforms Basic | Conforms Basic | Conforms Basic |
| II | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| IIa | Conforms Basic | Conforms Basic | Conforms Basic |
| IV | NA | NA | NA |
| V | Conforms Optional | Does Not Conform Optional | Does Not Conform Optional |
| VI | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| VII | Conforms Basic | Conforms Basic | Conforms Basic |
| VIII | Conforms Basic | Conforms Basic | Conforms Basic |
| IX | Conforms Basic | Conforms Basic | Conforms Basic |
| X | Conforms Basic | Conforms Basic | Conforms Basic |
| XI | Conforms Basic | Conforms Basic | Conforms Basic |
| XII | Conforms Basic | Conforms Basic | Conforms Basic |
| XIII | Conforms Optional | Does Not Conform Optional | Conforms Optional |
| XIV | Conforms Basic | Conforms Basic | Conforms Basic |
| XV | Conforms Optional | Conforms Optional | Conforms Optional |
| XVI | Conforms Basic | Conforms Basic | Conforms Basic |
| XVII | Conforms Basic | Conforms Basic | Conforms Basic |
| XVIII | Conforms Basic | Conforms Basic | Conforms Basic |
| XIX | Conforms Basic | Conforms Basic | Conforms Basic |
| XX | Conforms Optional | Conforms Optional | Conforms Optional |
| XXI | Conforms Basic | Conforms Basic | Conforms Basic |
| XXII | Conforms Basic | Conforms Basic | Conforms Basic |
| XXIII | NA | NA | NA |
| XXIV | Conforms Optional | Does Not Conform Optional | Conforms Optional |
| XXV | Conforms Basic | Conforms Basic | Conforms Basic |
| XXVI | Conforms Basic | Conforms Basic | Conforms Basic |
| XXVII | NA | NA | NA |
| XXVIII | NA | NA | NA |
| XXIX | NA | NA | NA |
| XXX | NA | NA | NA |
| XXXI | Conforms Basic | Conforms Basic | Conforms Basic |
| XXXII | Conforms Basic | Conforms Basic | Conforms Basic |
| XXXIII | Conforms Basic | Conforms Basic | Conforms Basic |
| XXXIV | Conforms Basic | Conforms Basic | Conforms Basic |
| XXXV | Conforms Basic | Conforms Basic | Conforms Basic |
| XXXVI | Conforms Basic | Conforms Basic | Conforms Basic |
| XXXVII | Conforms Optional | Conforms Optional | Conforms Optional |
| XXXVIII | Conforms Basic | Conforms Basic | Conforms Basic |
| XXXIX | Conforms Basic | Conforms Basic | Conforms Basic |
| XL | Conforms Basic | Conforms Basic | Conforms Basic |
| XLI | Conforms Optional | Conforms Optional | Conforms Optional |
| XLII | Conforms Basic | Conforms Basic | Conforms Basic |
| XLIII | Conforms Basic | Conforms Basic | Conforms Basic |
| XLIV | Conforms Basic | Conforms Basic | Conforms Basic |
| XLV | Conforms Basic | Conforms Basic | Conforms Basic |
| XLVI | Conforms Basic | Conforms Basic | Conforms Basic |
| XLVII | Conforms Basic | Conforms Basic | Conforms Basic |
| XLVIII | Conforms Basic | Conforms Basic | Conforms Basic |
| XLIX | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| L | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| LI | Does Not Conform Advanced | Conforms Advanced | Conforms Advanced |
| LII | Does Not Conform Advanced | Does Not Conform Advanced | Conforms Advanced |
| LIII | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| LIV | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| LV | NA | NA | NA |
| LVI | Does Not Conform Optional | Conforms Optional | Does Not Conform Optional |
| LVII | Does Not Conform Optional | Does Not Conform Optional | Conforms Optional |
| LVIII | Conforms Basic | Conforms Basic | Conforms Basic |
| LIX | Conforms Basic | Conforms Basic | Conforms Basic |
| LX | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| LXI | Conforms Basic | Conforms Basic | Conforms Basic |
| LXII | Conforms Basic | Conforms Basic | Conforms Basic |
| LXIII | NA | NA | NA |
| LXIV | NA | NA | NA |
| LXV | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| LXVI | Conforms Basic | Conforms Basic | Conforms Basic |
| LXVII | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| LXVIII | Conforms Optional | Conforms Optional | Conforms Optional |
| LXIX | Conforms Optional | Does Not Conform Optional | Does Not Conform Optional |
| LXX | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| LXXI | Conforms Basic | Conforms Basic | Conforms Basic |
| LXXII | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| LXXIII | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| LXXIV | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| LXXV | NA | NA | NA |
| LXXVI | NA | NA | NA |
| LXXVII | Conforms Basic | Conforms Basic | Conforms Basic |
| LXXVIII | Conforms Basic | Conforms Basic | Conforms Basic |
| LXXIX | Conforms Basic | Conforms Basic | Conforms Basic |
| LXXX | Does Not Conform Advanced | Conforms Advanced | Conforms Advanced |
| LXXXI | Conforms Basic | Conforms Basic | Conforms Basic |
| LXXXII | NA | NA | NA |
| LXXXIII | Conforms Basic | Conforms Basic | Conforms Basic |
| LXXXIV | Conforms Basic | Conforms Basic | Conforms Basic |
| LXXXV | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| LXXXVI | Conforms Basic | Conforms Basic | Conforms Basic |
| LXXXVII | Conforms Optional | Conforms Optional | Conforms Optional |
| LXXXVIII | Conforms Basic | Conforms Basic | Conforms Basic |
| LXXXIX | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| XC | Conforms Basic | Conforms Basic | Conforms Basic |
| XCI | Conforms Basic | Conforms Basic | Conforms Basic |
| XCII | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| XCIII | Conforms Basic | Conforms Basic | Conforms Basic |
| XCIV | Conforms Basic | Conforms Basic | Conforms Basic |
| XCV | Conforms Basic | Conforms Basic | Conforms Basic |
| XCVI | Conforms Basic | Conforms Basic | Conforms Basic |
| XCVII | Conforms Basic | Conforms Basic | Conforms Basic |
| XCVIII | Conforms Basic | Conforms Basic | Conforms Basic |
| XCIX | Conforms Basic | Conforms Basic | Conforms Basic |
| C | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| CI | NA | NA | NA |
| CII | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| CIII | Conforms Basic | Conforms Basic | Conforms Basic |
| CIV | Conforms Basic | Conforms Basic | Conforms Basic |
| CV | Conforms Advanced | Conforms Advanced | Conforms Advanced |
| CVI | Conforms Advanced | Conforms Advanced | Conforms Advanced |