ISSUE-140

Don't show certificate information as identity when its weak

State:
CLOSED
Product:
wsc-xit
Raised by:
Mary Ellen Zurko
Opened on:
2007-12-14
Description:
6.1.2

"During interactions with pages that were (all or in part) retrieved through weakly TLS-protected interactions, Web user agents MUST NOT display any logotypes derived from certificates."

I would like to see this cover all of identity signal, since identity signal is derived from attested certificates. A straw proposal is to change that line to:
During interactions with pages that were (all or in part) retrieved through weakly TLS-protected interactions, Web user agents MUST NOT display any identity signal content derived from certificates.
Related Actions Items:
No related actions
Related emails:
  1. ISSUE-140: Don't show certificate information as identity when its weak [wsc-xit] (from sysbot+tracker@w3.org on 2007-12-14)

Related notes:

Added to xit as open issue under Section 6.1.2

Anil Saldhana, 21 Jan 2008, 22:15:34

current draft addresses consistently (if it's weak, shouldn't be stronger than no http)

Mary Ellen Zurko, 21 Mar 2008, 16:10:28

Display change log ATOM feed


Mary Ellen Zurko <mzurko@us.ibm.com>, Chair, Thomas Roessler <tlr@w3.org>, Staff Contact
Tracker (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 140.html,v 1.1 2010/10/11 09:35:06 dom Exp $