- From: Ian Fette <ifette@google.com>
- Date: Mon, 26 Nov 2007 09:40:09 -0800
- To: "Dan Schutzer" <dan.schutzer@fstc.org>
- Cc: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>, "Web Security Context Working Group WG" <public-wsc-wg@w3.org>
Yes, but then they call up their help desk / ISP / son / whomever, and are asked "Is HTTPS over SOCKS checked or unchecked" and they say "I don't see where that option is...". I really don't see why the user should ever be prevented from at least viewing the settings. On Nov 26, 2007 9:16 AM, Dan Schutzer <dan.schutzer@fstc.org> wrote: > > > > > I would agree that a user should always be able to view and modify > security-related configuration settings, but that if a user agent does their > job correctly, it should not be necessary, especially for the user who would > have trouble understanding the kind of detailed security configuration > settings that one sees today in the Security tab > > > > ________________________________ > > > From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On > Behalf Of Mary Ellen Zurko > Sent: Monday, November 26, 2007 11:36 AM > To: Web Security Context Working Group WG > Subject: Re: ISSUE-132: Update Section 10.1 of wsc-xit with information > from updated browser lock down wiki page > > > > > > "A user agent MUST support a mode of operation whereby the user is unable > to view or modify the security-related configuration settings. " > > It seems wrong to me that there is a mode where the user is unable to view > the security related configuration settings. In every context I've ever been > in, having some ability to get to more information if helpful. > > I would remove the "view or" part of this, unless I'm missing something.
Received on Monday, 26 November 2007 17:40:34 UTC