ISSUE-140
Don't show certificate information as identity when its weak
- State:
- CLOSED
- Product:
- wsc-xit
- Raised by:
- Mary Ellen Zurko
- Opened on:
- 2007-12-14
- Description:
- 6.1.2
"During interactions with pages that were (all or in part) retrieved through weakly TLS-protected interactions, Web user agents MUST NOT display any logotypes derived from certificates."
I would like to see this cover all of identity signal, since identity signal is derived from attested certificates. A straw proposal is to change that line to:
During interactions with pages that were (all or in part) retrieved through weakly TLS-protected interactions, Web user agents MUST NOT display any identity signal content derived from certificates.
- Related Actions Items:
- No related actions
- Related emails:
- ISSUE-140: Don't show certificate information as identity when its weak [wsc-xit] (from sysbot+tracker@w3.org on 2007-12-14)
Related notes:
Added to xit as open issue under Section 6.1.2
Anil Saldhana, 21 Jan 2008, 22:15:34current draft addresses consistently (if it's weak, shouldn't be stronger than no http)
Mary Ellen Zurko, 21 Mar 2008, 16:10:28Display change log