WSC WG weekly

20 Feb 2008


See also: IRC log


Present: Mary Ellen Zurko, Phillip Hallam-Baker, Ian Fette, Jan Vidar Krey, Bill Doyle, Maritza Johnson, Tyler Close, Rachna Dhamija, Yngve Pettersen, Anil Saldhana, Johnathan Nightingale, Stephen Farrell
Regrets: Thomas Roessler, Dan Schutzer, Hal Lockhart, Tim Hahn, Serge Egelman
Chair: Mary Ellen Zurko
Scribe: Stephen Farrell


Approve minutes from meetings




mez: no issues, minutes approved

Weekly completed action items

mez: Phill, Yngve & Tim did things

Open Action Items


Action items closed due to inactivity

343 is a dead horse

Agenda bash

<tyler> Can we send the use cases to Note?

mez: good addition to agenda

mez: adding "use cases to Note" to top of agenda
... otherwise as is
... agenda will roll over to next week as needed
... bashed

use cases to Note

mez: tyler - any open issues remaining?

tyler: no other than the one below from Tim

mez: did tim say it was ok on list?

<Mez> http://lists.w3.org/Archives/Public/public-wsc-wg/2008Feb/0004.html

mez: yes he's ok

tyler: other thing is accessibility feedback
... tyler folded 'em in but hasn't heard back

mez: got a link?

tyler: changes to table @ start of use cases

<Mez> http://www.w3.org/2006/WSC/drafts/note/

<tyler> http://www.w3.org/2006/WSC/drafts/note/#scenarios

tyler: table formatting now better for screen readers (e.g. comma sep in cells)

mez: all looks splendid
... resolution - take use cases to Note - any discussion?
... none
... so that's resolved

RESOLUTION: take use cases to Note

mez: thanks tyler (tumultuous applause)


<Mez> http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#audio-logotype-practices

mez: did Tim send a proposed update (checking)

<Mez> http://lists.w3.org/Archives/Public/public-wsc-wg/2008Feb/0021.html

<Mez> Specifically, audio logotypes SHOULD NOT include spoken text. Audio

<Mez> logotypes MAY include short musical phrases. When a user agent will both

<Mez> display visual logotype information as well as emit/play audio logotype

<Mez> information, the user agent MUST ensure that the display/play of these two

<Mez> forms are time-synchronized so that the start times of their display/play

<Mez> coincides visibly and audibly.

mez: any issues on 9.6 going to LC in June?

ifette: wants to open an issue, wrt spoken name of company
... hopefully not contentious, but still TBD

mez: thing was that audio logotypes should be short (not too much spoken text)
... does that ring an (audio) bell?
... bill, was that you?

bill: have to go back to notes

mez: let's do that

ifette: wants to propose that singing name and phone number (e.g. from jingle) should be ok
... not sure if we're constraining by #seconds (e.g. 1, 5 seconds)
... there was an issue with a 2nd audio-logotype
... more an annoyance issue rather than security

mez: it's a SHOULD NOT not MUST NOT

ifette: maybe add an example and some MAY text for non-compliance with SHOULD NOT
... audio-logotypes are rare so odd to constrain now

+1 on that last from stephenF

mez: we're getting expertise from <somewhere>

bill: for us the binding is the thing, isn't it?

mez: not sure, security overlap with usability is in scope for us

<Mez> http://www.w3.org/2007/11/05-wsc-minutes.html

<Mez> http://www.w3.org/2007/11/05-wsc-minutes.html#item07

mez: accessibility folks like music but not chatting here
... we should go back to tlr and janina and ask

<ifette> :-)

mez: back to 9.6, anything else?
... nothing, so looks like 9.6 stuff can go to LC in June

section 10.1

<Mez> http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#usage-modes

mez: on 10.1 now...formerly browser lock-down

<Mez> Web user agents that implement optional features of this specification MUST support the configuration of different [Definition: usage modes ] which determine which of these optional features are active. A usage mode MAY cover other configuration settings of a Web user agent. A user agent SHOULD allow users to view details of why a request to perform a Web transaction was denied if this decision was based on the currently-active usage mode.

ifette: other than safe browsing mode, we have no other configurations now
... was there a kiosk use-case (restricting showing thing then)
... has major concerns about 10.2, so unsure about 10.1 'till 10.2 is ok (in terms of going to LC)

mez: is 10.1 only useful if something in 10.2 is ready for LC in June, let's look...
... are there a number of optional features

ifette: says you MUST support different configurations which is odd if we only have 1

<Mez> Implementations MAY make user interfaces available for the purpose of designating AA-qualified trust roots.

ifette: SBM was a very different configuration, a huge change, as was kiosk-mode
... creating a different usage-mode for a small difference seems wrong
... if we (later) add shockingly different modes we'll do something rather shocking

maritzaj: is this more about how to configure preferences?

<Zakim> stephenF, you wanted to say that 10.1 would be a bad place to have a MUST about a MAY in x.y where x!=10

<Zakim> johnath, you wanted to come back to something ian was saying from a different angle - do we need 10.1 at all?

johnath: is 10.1 useful with only 1 known use?

johnath: can we just move on to modes we care about and let 10.1 fall

<ifette> +1 for falling

mez: looks like 10.1 could be put aside & revisited if 10.2 survives or other examples come
... up that make it into June LC

maritzaj: section still v. abstract so probably not ready

mez: seems like consensus that 10.1 isn't ready

10.2 safe-browsing mode

<Mez> http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#usage-sbm

<Mez> Web user agents SHOULD support a [Definition: Safe Browsing Mode ] as one usage mode. Users SHOULD NOT be able to change the settings of this usage mode. This usage mode MUST be made available through an interaction based on a Secure Attention Sequence.

<Mez> In this usage mode, interactions MUST be limited to a usage-mode specific set of sites.

<Mez> Web user agents MUST require all Web transactions in this usage mode to be strongly TLS protected. Use of self-signed certificates MUST be considered cause for a change of security level.

<Mez> The optional technique 6.4.2 Handling certain man in the middle attacks MUST NOT be used.

<Mez> For Web user agents with a visual user interface, Safe Browsing Mode SHOULD be visually distinguishable from other usage modes.

<Zakim> ifette, you wanted to kill 10.2

ifette: +1 to zakim
... problems with implementation details and usability
... implementation details: is this a whitelist or cert. exts ?
... both problematic

<Mez> for other recommendations, we've been OK about saying something happens out of band, but we've had at least one example that we thought was not problematic

ifette: seems v. far out
... on usability: we're relying on people switching modes which seems like a big assumption
... can't imagine his mom will do that (or care)

<Zakim> stephenF, you wanted to ask if users can't change settings, who can?

... wants to distinguish this from the mechanism (e.g. logotypes)
... SBM might be a good idea, but is an R&D project
... if it were a strict subset of normal features (e.g. no Javascript, funky html...)
... then maybe, but that's not defined and there's no prospect of us getting there now
... would be good if there was a SBM but maybe has to be in OS/Bios
... would not want online banking in SBM, at most only some parts (e.g. login, add payee, ...)
... same with shopping, only want checkout experience in SBM
... the wider the perimeter the less it can be secured
... so dump this section at this point

mez: sounds like nothing in section 10 is ready for LC in June

mez: agreed on the call that section 10 isn't ready for LC in June

anil: should there be a checkpoint in browser to last "safe" point

mez: got a fleshed out proposal?

anil: nope

mez: not sure how that'd work but maybe you (anil) do?

<Zakim> ifette, you wanted to say problematic idea

ifette: what checkpoint? general browser state is complex (versioning etc.)
... if security settings, scope would be ok, but not clear that users would
... be able to bookmark their security settings (esp. less pointy headed users)
... so what'd we be checkpointing & what benefit?

yngve: +1 to ifette, difficult to say what can/should be checkpointed

Low-fi prototype of security confidence estimate

mez: found a surprising level of support @ f2f considering earlier objections
... but thinks we agreed (maybe not all) that to go fwd we need some
... prototyping

<maritzaj> (i think the defn we came to at the f2f differs significantly from the originally proposed idea)

mez: so can we prototype what such an estimate might be?
... does someone want to lead this now, or better for next week? (with
... suitable prep. & right folks)

bill: support was to do prototyping rather than to include?

mez: people like the idea but not what we have so far

ifette: we need >1 prototypes, one isn't enough
... so we can say we prefer different elements (e.g. a binary and a multi-level one)
... will scream if no 0's and 1's

maritzaj: original defn different from strawpoll options...

<rachna> yes

maritzaj: some confusion existed @ strawpoll
... would a binary ssl/no-ssl be a page security score or not?

ifette: thinks that binary indicator qualifies and scarily seems to him to bring
... no benefit
... stuff that user should care about other than ssl is stuff we can't access
... e.g. how secure is back-end, is CC# being stored well, etc. all stuff
... we know nothing about UA

maritzaj: (scribe didn't hear that, sorry)

ifette: PSS can't say transaction is safe

<maritzaj> ian's concern with a binary indicator is in line with one of the current problems with the ssl-lock, a user wants to know what page they're on and the information the lock gives doesn't answer the question even if they know to look for it in the right place

mez: what should we do to prepare for next week (rachna)

<Zakim> stephenF, you wanted to ask if binary estimate == padlock & if so UAs already more-or-less conform?

johnath: not clear that padlock does represent a "best" practice
... thinks maybe the need is for a synthesis of various settings, seems odd to reduce
... that to ssl

mez: seems problems, but wants us to have a p-o-v on current (padlock) practice

<johnath> I'm all for binary as an approach, but reducing the score to a single testvalue is the thing I find hard to defend

ifette: not chair's fault, problem is it all does reduce to ssl-like stuff
... even dnssec etc. all properties of the connection and not site
... since info we need is info we don't have

<Mez> fair enough; it's time for us to figure out if there's any set of test values we can get behind, at LC level by June, as a communication of something around something security (other than identity, which is covered elsewhere)

yngve: almost impossible to get info about site in any case...

<Mez> or those trust mark things

yngve: only ones can say are vendors/hosters etc.

<ifette> Can we spare rachna some work and kill it now?

mez: so rachna, what should we do before next week?

rachna: purpose of prototyping is to get more data so as to answer questions
... e.g. would padlock vs. percent vs. colours be perceived as different
... hard to talk about these without specific proposals for page security
... confidence

mez: hard to do on the phone, but to give it a fair whack, anyone who
... wants to put out proposals/sketches for next week, then go ahead

<maritzaj> and if you saw my email with a lo-fi prototype ... you know how easy it is

mez: if nothing turns up, then we're down to discussing the padlock

<Zakim> ifette, you wanted to add additional issues for this over the next week

<Mez> no, a proposal at this point is

<Mez> 1) the proposal

<Mez> 2) the algorithm

<Mez> 3) a picture of an example

<Mez> 4) (optional) what benefit? what's the point, what do you want the users to understand

ifette: do you mean proposals for how this will be displayed? his fundamental issue isn't with display but with information to be displayed (garbage in, garbage out problem)

rachna: could be that we recommend that no indicators are useful and so none
... should be displayed

mez: people who want to put in effort in the meantime are free to do
... that, those that don't want to are similarly free
... proposals can be put on wiki

(discussion of wiki access)

mez: proposals should include 2119 language for the algorithm and a picture

rachna: and questions you want to answer?

mez: we've asked that before and gotten little

mez: anything else? nothing, so bye-bye all
... next week is padlock week

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.128 (CVS log)
$Date: 2008/02/27 17:43:01 $