ISSUE-145

WhatIsASecurePage not fully incorporated

State:
CLOSED
Product:
wsc-xit
Raised by:
Yngve Pettersen
Opened on:
2007-12-17
Description:
This issue tracks the points raised in this message:
http://www.w3.org/mid/op.t225ya12qrq7tp@nimisha.oslo.opera.com


http://www.w3.org/2006/WSC/wiki/WhatIsASecurePage

AFAICT, the following recommendations are not yet in wsc-xit, or possibly not sufficiently covered.

#6/#16: all-EV site (or in new nomenclature: all-AA sites).

#12: Delayed security level change (mostly to upgrade security level, despite unsecure loading). May
be covered by current security level change language.

More radical proposals not included

#8: Forbid mixing of non-TLS-protected content in TLS-protected webpages

#10: Forbid unsecure->secure password submit by clients

#11: secure->Unsecure POST submits

#13: Treat https-part of URL as a security indicator (also, relevant in relation to "Chinese
whispers"-robustness, ACTION-347)
Related Actions Items:
No related actions
Related emails:
  1. ISSUE-145 WhatIsASecurePage not fully incorporated (from Mary_Ellen_Zurko@notesdev.ibm.com on 2008-04-25)
  2. Re: ACTION-349: verify that normative material from WhatIsASecurePage was fully incorporated in wsc-xit (from tlr@w3.org on 2007-12-17)
  3. ISSUE-145: WhatIsASecurePage not fully incorporated [wsc-xit] (from sysbot+tracker@w3.org on 2007-12-17)

Related notes:

No additional notes.

Display change log ATOM feed

Mary Ellen Zurko <mzurko@us.ibm.com>, Chair, Thomas Roessler <tlr@w3.org>, Staff Contact
Tracker (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 145.html,v 1.1 2010/10/11 09:35:06 dom Exp $