ISSUE-1 |
CLOSED |
Test Issue - please ignore |
2006-11-14 |
All |
0 |
ISSUE-2 |
CLOSED |
test again, please ignore |
2006-11-17 |
All |
0 |
ISSUE-3 |
CLOSED |
Can XQuery/XPath contribute to attack vectors? |
2006-11-21 |
wsc-xit |
0 |
ISSUE-4 |
CLOSED |
How applicable is baseline information to content retrieved by FTP? |
2006-11-21 |
wsc-xit |
0 |
ISSUE-5 |
CLOSED |
Security context information and links/actions |
2007-01-17 |
All |
0 |
ISSUE-6 |
CLOSED |
User Interface Issues for Constrained / Mobile Devices |
2007-01-30 |
wsc-usecases |
0 |
ISSUE-7 |
CLOSED |
Mental models? |
2007-01-31 |
wsc-usecases |
0 |
ISSUE-8 |
CLOSED |
User Education |
2007-01-31 |
wsc-usecases |
0 |
ISSUE-9 |
CLOSED |
The Note needs a decent title and a shortname. |
2007-02-07 |
wsc-usecases |
0 |
ISSUE-10 |
CLOSED |
Scope sections: |
2007-02-07 |
wsc-usecases |
0 |
ISSUE-11 |
CLOSED |
Problems with the status quo |
2007-02-22 |
wsc-usecases |
0 |
ISSUE-12 |
CLOSED |
User-agents - future proofing |
2007-02-22 |
All |
0 |
ISSUE-13 |
CLOSED |
Mez\' Note Review |
2007-03-02 |
wsc-usecases |
0 |
ISSUE-14 |
CLOSED |
Technologies that reduce risk |
2007-03-14 |
wsc-usecases |
0 |
ISSUE-15 |
CLOSED |
Revise section 9.2.5 as per ACTION-106 |
2007-03-20 |
wsc-usecases |
0 |
ISSUE-16 |
CLOSED |
Create section 9.2.6 as per ACTION-105 |
2007-03-20 |
wsc-usecases |
0 |
ISSUE-17 |
CLOSED |
Amend section 8.2 as per ACTION-103 |
2007-03-20 |
wsc-usecases |
0 |
ISSUE-18 |
CLOSED |
Clarify audience of wsc-usecases |
2007-03-26 |
wsc-usecases |
0 |
ISSUE-19 |
CLOSED |
Arrangement and formatting of use cases |
2007-03-26 |
wsc-usecases |
0 |
ISSUE-20 |
CLOSED |
Potential additions to Available Security Information |
2007-03-26 |
wsc-usecases |
0 |
ISSUE-21 |
CLOSED |
Reply to question - what do pword managers do to ensure they don\'t |
2007-03-26 |
wsc-usecases |
0 |
ISSUE-22 |
CLOSED |
Rephrase favicon text |
2007-03-26 |
wsc-usecases |
0 |
ISSUE-23 |
CLOSED |
Rephrase background on usable security in Process secion |
2007-03-26 |
wsc-usecases |
0 |
ISSUE-24 |
CLOSED |
[editorial] Add |
2007-03-28 |
wsc-usecases |
0 |
ISSUE-25 |
CLOSED |
Participants need to review wsc-usecases |
2007-04-05 |
wsc-usecases |
0 |
ISSUE-26 |
CLOSED |
|
2007-04-08 |
wsc-usecases |
0 |
ISSUE-27 |
CLOSED |
[editorial?] techniques for content based detection |
2007-04-08 |
wsc-usecases |
0 |
ISSUE-28 |
CLOSED |
|
2007-04-08 |
wsc-usecases |
0 |
ISSUE-29 |
CLOSED |
Define user agent in wsc-usecases |
2007-04-12 |
wsc-usecases |
0 |
ISSUE-30 |
CLOSED |
allow for remote opening of web browser |
2007-04-12 |
wsc-usecases |
0 |
ISSUE-31 |
CLOSED |
Correct scenarion 20 intended action |
2007-04-12 |
wsc-usecases |
0 |
ISSUE-32 |
CLOSED |
explain dynamic content better |
2007-04-12 |
wsc-usecases |
0 |
ISSUE-33 |
CLOSED |
Charter retains authority Review of Note |
2007-04-13 |
All |
0 |
ISSUE-34 |
CLOSED |
Formal studies don\'t cover disability access adequately, use experts too - (public comment) |
2007-04-13 |
All |
0 |
ISSUE-35 |
CLOSED |
information overload/underload -- no oneSizeFitsAll (public comment) |
2007-04-13 |
All |
0 |
ISSUE-36 |
CLOSED |
presentation norms -- no oneSizeFitsAll (from public comments) |
2007-04-15 |
wsc-usecases |
0 |
ISSUE-37 |
CLOSED |
qualify your interrupts (from public comments) |
2007-04-15 |
wsc-usecases |
0 |
ISSUE-38 |
CLOSED |
no safe haven in presentation space (from public comments) |
2007-04-15 |
wsc-usecases |
0 |
ISSUE-39 |
CLOSED |
cooperate with WAI-ARIA \'politeness\' (from public comments) |
2007-04-15 |
wsc-xit |
0 |
ISSUE-40 |
CLOSED |
Drill-down access to all security information is not \'nice,\' it\'s required (by UAAG 1.0). (public comment) |
2007-04-15 |
wsc-usecases |
0 |
ISSUE-41 |
CLOSED |
limited guidance on presentation OK (public comment) |
2007-04-15 |
wsc-xit |
0 |
ISSUE-42 |
CLOSED |
Re: 3.2 Non-HTTP Web interactions (public comment) |
2007-04-15 |
wsc-usecases |
0 |
ISSUE-43 |
CLOSED |
don\'t disable assistive technology (public comment) |
2007-04-15 |
wsc-usecases |
0 |
ISSUE-44 |
CLOSED |
beyond \'who\' (some day) (pubic comment) |
2007-04-15 |
wsc-usecases |
0 |
ISSUE-45 |
CLOSED |
full legal entity identification (is a must) (pubic comment) |
2007-04-15 |
wsc-usecases |
0 |
ISSUE-46 |
CLOSED |
widely deployed baseline, yes; usage and presentation, yes (pubic comment) |
2007-04-15 |
wsc-usecases |
0 |
ISSUE-47 |
CLOSED |
define extension interface for content-scanning tools (public comment) |
2007-04-16 |
wsc-usecases |
0 |
ISSUE-48 |
CLOSED |
platform and browser security out of scope - NOT (public comment) |
2007-04-16 |
wsc-usecases |
0 |
ISSUE-49 |
CLOSED |
trust in browser password cache needs to be better justified (pubic comment) |
2007-04-16 |
wsc-usecases |
0 |
ISSUE-50 |
CLOSED |
present web security is not good enough; even \'though fixing that is out of scope for this deliverable (public comment) |
2007-04-16 |
wsc-usecases |
0 |
ISSUE-51 |
CLOSED |
distinguished Chrome is not the answer (public comment) |
2007-04-17 |
wsc-usecases |
0 |
ISSUE-52 |
CLOSED |
benchmarking success -- it\'s out there (public comment) |
2007-04-17 |
wsc-usecases |
0 |
ISSUE-53 |
CLOSED |
augment general usability wisdom because you are operating on a fringe (as is WAI) (Public Comnment) |
2007-04-17 |
wsc-usecases |
0 |
ISSUE-54 |
CLOSED |
user understanding is where it\'s at (pubic comment) |
2007-04-17 |
wsc-usecases |
0 |
ISSUE-55 |
CLOSED |
realism is not universal, nor does ordinariness befit exceptional communications (public comment) |
2007-04-17 |
wsc-usecases |
0 |
ISSUE-56 |
CLOSED |
habit is little help, here (public comment) |
2007-04-17 |
wsc-usecases |
0 |
ISSUE-57 |
CLOSED |
qualify your interrupts; communicate subliminally always and through the focus rarely (public comment) |
2007-04-17 |
wsc-usecases |
0 |
ISSUE-58 |
CLOSED |
simplicity is in the [diverse] world of the user (public comment) |
2007-04-17 |
wsc-usecases |
0 |
ISSUE-59 |
CLOSED |
challenge and recover are essential; one presentation fits all -NOT (pubic comment) |
2007-04-17 |
wsc-xit |
0 |
ISSUE-60 |
CLOSED |
reinvent Help and DoIt (public comment) |
2007-04-17 |
wsc-usecases |
0 |
ISSUE-61 |
CLOSED |
Know you don\'t know your users (public comment) |
2007-04-17 |
wsc-usecases |
0 |
ISSUE-62 |
CLOSED |
User-adjustable step size is part of Universal Design (public comment) |
2007-04-17 |
wsc-usecases |
0 |
ISSUE-63 |
CLOSED |
consistency is good where it fits; it doesn\'t always fit; so undergird your consistency with a model (public comment) |
2007-04-17 |
wsc-usecases |
0 |
ISSUE-64 |
CLOSED |
\'where\' is less universal than \'how\' for drill-down (public comment) |
2007-04-17 |
wsc-usecases |
0 |
ISSUE-65 |
CLOSED |
testing throughout evolution of product (pubic comment) |
2007-04-17 |
wsc-usecases |
0 |
ISSUE-66 |
CLOSED |
Suggested rewrite of last paragraph of 10.3 |
2007-04-23 |
wsc-usecases |
0 |
ISSUE-67 |
CLOSED |
The introduction to the note should include a hyperlink to the charter. |
2007-04-25 |
wsc-usecases |
0 |
ISSUE-68 |
CLOSED |
Note summary, goals, and scope should more clearly focus on problem to be solved---impersonation |
2007-04-25 |
wsc-usecases |
0 |
ISSUE-69 |
CLOSED |
New goal--Reduce the number of scenarios in which users\' security depends upon authenticating sites |
2007-04-25 |
wsc-usecases |
0 |
ISSUE-70 |
CLOSED |
Scope should be defined in terms of concepts, not in terms of use cases |
2007-04-25 |
wsc-usecases |
0 |
ISSUE-71 |
CLOSED |
Change title of Section 7 |
2007-04-25 |
wsc-usecases |
0 |
ISSUE-72 |
CLOSED |
Replace term |
2007-04-25 |
wsc-usecases |
0 |
ISSUE-73 |
CLOSED |
Proposed changes to process chapter |
2007-05-05 |
wsc-usecases |
0 |
ISSUE-74 |
CLOSED |
Dependencies on other wgs |
2007-05-23 |
wg-coordination |
0 |
ISSUE-75 |
CLOSED |
Relation to existing standards and related work |
2007-05-23 |
wsc-xit |
0 |
ISSUE-76 |
CLOSED |
add file extension remark to security context information list |
2007-06-06 |
wsc-usecases |
0 |
ISSUE-77 |
CLOSED |
Reference threat work in wsc-usecases |
2007-06-27 |
wsc-usecases |
0 |
ISSUE-78 |
CLOSED |
Definitions |
2007-07-02 |
wsc-xit |
0 |
ISSUE-79 |
CLOSED |
Understandability of security settings |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-80 |
CLOSED |
Non-visual (multiomodal) presentation of security information |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-81 |
CLOSED |
Mobile Web in Scope |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-82 |
CLOSED |
Shared use in public spaces and homes |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-83 |
CLOSED |
Scenario updates (for certain abilities and functional limitations) |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-84 |
CLOSED |
User/consumer education |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-85 |
CLOSED |
Usability testing and target segments |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-86 |
CLOSED |
Accessibility |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-87 |
CLOSED |
Multicultural aspects |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-88 |
CLOSED |
Recommend the use of information architecture and design technologies |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-89 |
CLOSED |
Multimodality of indicators |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-90 |
CLOSED |
Coordination/liaison with WAI and Mobile Web |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-91 |
CLOSED |
Collaboration with 3GPP/TISPAN, OMA, DLNA, OMTP |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-92 |
CLOSED |
P3P and Internet filters |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-93 |
CLOSED |
Multi-platform compatibility |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-94 |
CLOSED |
More f-looking and future-proof? |
2007-07-02 |
wsc-usecases |
0 |
ISSUE-95 |
CLOSED |
bookmark API interactions |
2007-08-01 |
wsc-xit |
0 |
ISSUE-96 |
CLOSED |
Should support for logotypes be a SHOULD or a MAY? |
2007-08-08 |
wsc-xit |
0 |
ISSUE-97 |
CLOSED |
Should logotypes be tied to EV certificates? |
2007-08-08 |
wsc-xit |
0 |
ISSUE-98 |
CLOSED |
Which kind of logotype should be preferred? |
2007-08-08 |
wsc-xit |
0 |
ISSUE-99 |
CLOSED |
What certificate fields must be included in the identity signal? |
2007-08-08 |
wsc-xit |
0 |
ISSUE-100 |
CLOSED |
Update acknowledgementst to list everyone who contributed |
2007-08-10 |
wsc-usecases |
0 |
ISSUE-101 |
CLOSED |
Create "visiting known site that is now malware" use case as per ACTION-275 |
2007-08-10 |
wsc-usecases |
0 |
ISSUE-102 |
CLOSED |
What should be our notion of "EV" certificates? |
2007-08-12 |
wsc-xit |
0 |
ISSUE-103 |
CLOSED |
How should unknown CAs and self-signed certificates be treated? |
2007-08-12 |
wsc-xit |
0 |
ISSUE-104 |
CLOSED |
Some information in certificates is not trustworthy |
2007-08-19 |
wsc-xit |
0 |
ISSUE-105 |
CLOSED |
What information should be communicated about client state? |
2007-08-19 |
wsc-xit |
0 |
ISSUE-106 cert/URL matching |
CLOSED |
We need to define details of cert/URL matching |
2007-08-29 |
wsc-xit |
0 |
ISSUE-107 |
CLOSED |
Should there be any recommendations for https->http form submissions? |
2007-09-18 |
wsc-xit-past-062008 |
0 |
ISSUE-108 |
CLOSED |
Should Safe Browsing mode restrict users to a specific set of sites? |
2007-09-18 |
wsc-xit-past-062008 |
0 |
ISSUE-109 faviconsAndMore |
CLOSED |
Should there be recommendations against favicons? |
2007-10-02 |
wsc-xit |
0 |
ISSUE-110 |
CLOSED |
POST triggered via JavaScript |
2007-10-02 |
wsc-xit |
0 |
ISSUE-111 |
CLOSED |
Do we need material for login-specific form interactions? |
2007-10-02 |
wsc-xit-past-062008 |
0 |
ISSUE-112 |
CLOSED |
Conformance models for usability? |
2007-10-03 |
wsc-xit |
0 |
ISSUE-113 |
CLOSED |
Trusted Certificates |
2007-10-03 |
wsc-xit |
0 |
ISSUE-114 |
CLOSED |
Self-signed certificate changeover |
2007-10-03 |
wsc-xit |
0 |
ISSUE-115 |
CLOSED |
Mixing of security information and content in non-visual environments? |
2007-10-03 |
wsc-xit |
0 |
ISSUE-116 ReconfigureChrome |
CLOSED |
Should users be able to reconfigure primary chrome? |
2007-10-03 |
wsc-xit |
0 |
ISSUE-117 User Studies |
CLOSED |
Eliminating Faulty Recommendations |
2007-10-08 |
wsc-xit-past-062008 |
0 |
ISSUE-118 |
CLOSED |
Interaction glossary? |
2007-10-10 |
wsc-xit |
0 |
ISSUE-119 |
CLOSED |
no-interaction certs |
2007-10-11 |
wsc-xit |
0 |
ISSUE-120 |
CLOSED |
Audio "logotypes" |
2007-10-11 |
wsc-xit |
0 |
ISSUE-121 |
CLOSED |
Safe Form Bar certificate matching issues |
2007-10-11 |
wsc-xit-past-062008 |
0 |
ISSUE-122 |
CLOSED |
Safe Form Bar: CA practice assumptions |
2007-10-11 |
wsc-xit-past-062008 |
0 |
ISSUE-123 |
CLOSED |
Safe Form Bar: HTTP assumptions in "no TLS" section |
2007-10-11 |
wsc-xit-past-062008 |
0 |
ISSUE-124 |
CLOSED |
Safe Form Bar: reliable text |
2007-10-11 |
wsc-xit-past-062008 |
0 |
ISSUE-125 |
CLOSED |
Safe Form Bar: on screen masking phrased in terms of visual user agents |
2007-10-11 |
wsc-xit-past-062008 |
0 |
ISSUE-126 |
CLOSED |
Define "picture-in-picture attack" |
2007-10-11 |
wsc-xit |
0 |
ISSUE-127 |
CLOSED |
Safe Form Bar: Separate MITM handling? |
2007-10-11 |
wsc-xit-past-062008 |
0 |
ISSUE-128 |
CLOSED |
Strong / weak algorithms? |
2007-10-11 |
wsc-xit |
0 |
ISSUE-129 |
CLOSED |
Should we say anything about scoring techniques? |
2007-10-11 |
wsc-xit-past-062008 |
0 |
ISSUE-130 Trust Anchors |
CLOSED |
Trust Anchor Consistency Across Devices? |
2007-10-15 |
wsc-xit |
0 |
ISSUE-131 Code outside browser |
CLOSED |
Executing code outside of browser in 8.3.2.3 is vague / scary |
2007-11-06 |
wsc-xit |
0 |
ISSUE-132 |
CLOSED |
Update Section 10.1 of wsc-xit with information from updated browser lock down wiki page |
2007-11-16 |
wsc-xit-past-062008 |
0 |
ISSUE-133 Plugin Problems |
CLOSED |
How do our definition of Web Page and the Robustiness section interact? |
2007-12-14 |
wsc-xit |
0 |
ISSUE-134 |
CLOSED |
Let others besides industry define AAC criteria |
2007-12-14 |
wsc-xit |
0 |
ISSUE-135 SSC assertions |
CLOSED |
Not trusting any SSC assertion seems overbroad |
2007-12-14 |
wsc-xit |
0 |
ISSUE-136 |
CLOSED |
Allow new established patterns to redefine what's expected in terms of strong TLS protection |
2007-12-14 |
wsc-xit |
0 |
ISSUE-137 |
CLOSED |
Require Identity Signal whenever URLs are displayed |
2007-12-14 |
wsc-xit |
0 |
ISSUE-138 |
CLOSED |
Downgrade strength of Issuer field's Organization attribute |
2007-12-14 |
wsc-xit |
0 |
ISSUE-139 |
CLOSED |
Clarify UX of CoSL |
2007-12-14 |
wsc-xit-past-062008 |
0 |
ISSUE-140 |
CLOSED |
Don't show certificate information as identity when its weak |
2007-12-14 |
wsc-xit |
0 |
ISSUE-141 |
CLOSED |
More history that may be part of additional security context information |
2007-12-14 |
wsc-xit |
0 |
ISSUE-142 |
CLOSED |
Page Security Score does not yet have enough content behind it |
2007-12-14 |
wsc-xit-past-062008 |
0 |
ISSUE-143 |
CLOSED |
MITM cert handling needs some sketching out of examples |
2007-12-14 |
wsc-xit |
0 |
ISSUE-144 |
CLOSED |
Do we need to specify mixed content in more detail? |
2007-12-17 |
wsc-xit |
0 |
ISSUE-145 |
CLOSED |
WhatIsASecurePage not fully incorporated |
2007-12-17 |
wsc-xit |
0 |
ISSUE-146 |
CLOSED |
7.1 to reference where xit talks about how identity is presented |
2008-01-02 |
wsc-xit |
0 |
ISSUE-147 |
CLOSED |
Descriptions of certificate matching rules in SWFE need explanations somewhere |
2008-01-02 |
wsc-xit |
0 |
ISSUE-148 |
CLOSED |
Downgrade ability to update an organization's name and address to SHOULD |
2008-01-02 |
wsc-xit |
0 |
ISSUE-149 |
CLOSED |
Condense 7.2 to its first normative directive only |
2008-01-02 |
wsc-xit |
0 |
ISSUE-150 |
CLOSED |
Abstract how user navigates to a site for establishing a new relationship |
2008-01-02 |
wsc-xit |
0 |
ISSUE-151 |
CLOSED |
Make "similar" clearer (in choosing petnames) |
2008-01-02 |
wsc-xit |
0 |
ISSUE-152 |
CLOSED |
Clarify the point of "distinguishing" between static and other text in messages |
2008-01-02 |
wsc-xit |
0 |
ISSUE-153 |
CLOSED |
Tie SWFE to secondary SCI |
2008-01-02 |
wsc-xit |
0 |
ISSUE-154 |
CLOSED |
Provide unique labels for each message and use them consistently as references |
2008-01-02 |
wsc-xit |
0 |
ISSUE-155 |
CLOSED |
Remove references to contacts option |
2008-01-02 |
wsc-xit |
0 |
ISSUE-156 |
CLOSED |
Tighten and abstract seleting the text string |
2008-01-02 |
wsc-xit |
0 |
ISSUE-157 |
CLOSED |
Masking only MUST for passwords |
2008-01-02 |
wsc-xit |
0 |
ISSUE-158 |
CLOSED |
Abstracting and tightening editing of stored history |
2008-01-02 |
wsc-xit |
0 |
ISSUE-159 |
CLOSED |
Merge 7.8 into 8.2 |
2008-01-02 |
wsc-xit |
0 |
ISSUE-160 |
CLOSED |
Remove section 7.9 |
2008-01-02 |
wsc-xit |
0 |
ISSUE-161 |
CLOSED |
Be clearer about security indicator images |
2008-01-02 |
wsc-xit |
0 |
ISSUE-162 |
CLOSED |
Recognize there are other forms of network security |
2008-01-02 |
wsc-xit |
0 |
ISSUE-163 |
CLOSED |
Make (sure) 9.4 is internally consistent |
2008-01-02 |
wsc-xit |
0 |
ISSUE-164 |
CLOSED |
SSC != CoSL |
2008-01-02 |
wsc-xit |
0 |
ISSUE-165 |
CLOSED |
Allow for (non default) configuration of notification of first time TLS interaction with a site |
2008-01-02 |
wsc-xit |
0 |
ISSUE-166 |
CLOSED |
Consider dropping section 5.2 in favour of "standard" matching algo, if appropriate. |
2008-01-07 |
wsc-xit |
0 |
ISSUE-167 |
CLOSED |
Should Section 5.3.1 specify normative details for a theoretical technology? |
2008-01-07 |
wsc-xit |
0 |
ISSUE-168 |
CLOSED |
Section 5.5.2 might be over-restrictive, especially on first-visit-redirect |
2008-01-07 |
wsc-xit |
0 |
ISSUE-169 |
CLOSED |
Section 5.5.3 creates a burden on browsers to remember past certificates |
2008-01-07 |
wsc-xit |
0 |
ISSUE-170 |
CLOSED |
6.3 Seems more like extension/experimentation than standardization |
2008-01-07 |
wsc-xit-past-062008 |
0 |
ISSUE-171 |
CLOSED |
7.8 Is unclear about data retention requirements |
2008-01-07 |
wsc-xit |
0 |
ISSUE-172 |
CLOSED |
7.9 Normative text assumes a service we don't otherwise mention or expect to exist |
2008-01-07 |
wsc-xit |
0 |
ISSUE-173 |
CLOSED |
8.1.1 Requires user testing for the purposes of conformance |
2008-01-07 |
wsc-xit |
0 |
ISSUE-174 5.4 wsc-xit comments |
CLOSED |
review wsc-xit - general comments section 5.4 (public comment) |
2008-01-14 |
wsc-usecases |
0 |
ISSUE-175 wsc-xit comment section 6.5 |
CLOSED |
general comment section 6.5 table and bullet list (public comment) |
2008-01-14 |
wsc-usecases |
0 |
ISSUE-176 wsc-xit comment section 6.5 tls/ssl |
CLOSED |
general comment section 6.5 tls/ssl processing (public comment) |
2008-01-14 |
wsc-usecases |
0 |
ISSUE-177 wsc-xit comment section 6.5 tls/ssl pt2 |
CLOSED |
general comment section 6.5 tls/ssl pt2 (public comment) |
2008-01-14 |
wsc-usecases |
0 |
ISSUE-178 wsc-xit comment section 10.2.2 |
CLOSED |
general comment section 10.2.2 conceptual model (public comment) |
2008-01-14 |
wsc-usecases |
0 |
ISSUE-179 wsc-xit comment section 10.2.3 |
CLOSED |
general comment section 10.2.3 (public comment) |
2008-01-14 |
wsc-usecases |
0 |
ISSUE-180 wsc-xit spelling mistakes |
CLOSED |
wsc-xit spelling mistakes (public comment) |
2008-01-14 |
wsc-usecases |
0 |
ISSUE-181 |
CLOSED |
Should there be an authoring practice suggesting http/https URI space consistency |
2008-01-17 |
wsc-xit-past-062008 |
0 |
ISSUE-182 |
CLOSED |
We have lost the "secure page" definition |
2008-02-05 |
wsc-xit |
0 |
ISSUE-183 |
CLOSED |
Automatic Selfsigned Certificate acceptance/probation MUST NOT be implemented unless there is a history capability |
2008-02-07 |
wsc-xit |
0 |
ISSUE-184 chrome vs. content security indicators |
CLOSED |
Section 9.1 is too broad (security indicators in chrome vs. content) |
2008-02-14 |
wsc-xit |
0 |
ISSUE-185 |
CLOSED |
UI recommendations for URI handlers? |
2008-02-26 |
wsc-xit |
0 |
ISSUE-186 Petname option |
CLOSED |
Give petname as an option in identity signal |
2008-03-07 |
wsc-xit |
0 |
ISSUE-187 PinnedCerts |
CLOSED |
Be clear on just what pinned certificates are and are not |
2008-03-07 |
wsc-xit |
0 |
ISSUE-188 props |
CLOSED |
xit needs an acknowlegements section |
2008-03-14 |
wsc-xit |
0 |
ISSUE-189 SharedSecretWithWhom |
CLOSED |
shared secret from UA of web site? |
2008-03-19 |
wsc-xit |
0 |
ISSUE-190 relaxedpathvalidation |
CLOSED |
Relaxed Path Validation - optional, recommended? |
2008-04-16 |
wsc-xit |
0 |
ISSUE-191 DangerWillRobinson |
CLOSED |
Name mismatches should be Danger errors |
2008-04-25 |
wsc-xit |
0 |
ISSUE-192 ConformanceChrome |
CLOSED |
Keep Chrome visible if its used for SCI |
2008-04-25 |
wsc-xit |
0 |
ISSUE-193 MultiPageChrome |
CLOSED |
Make multiple web pages chrome section rfc 2119ed |
2008-04-25 |
wsc-xit |
0 |
ISSUE-194 SizeMatters |
CLOSED |
Window sizing a must |
2008-04-25 |
wsc-xit |
0 |
ISSUE-195 RestrictPopups |
CLOSED |
use SHOULD on popup restrictions |
2008-04-25 |
wsc-xit |
0 |
ISSUE-196 RemoveEmptiness |
CLOSED |
Remove Conformance Labels section |
2008-05-02 |
wsc-xit |
0 |
ISSUE-197 rm -rf petnames |
CLOSED |
Remove petnames |
2008-05-13 |
wsc-xit |
0 |
ISSUE-198 Be the user's agent and do their bidding |
CLOSED |
6.4.4 Danger messages should not strictly forbid user agents from doing the user's bidding |
2008-05-13 |
wsc-xit |
0 |
ISSUE-199 xmlhttprequest-tls |
CLOSED |
WebAPI does not specify any TLS error handling for XMLHttpRequest |
2008-05-13 |
wsc-xit |
0 |
ISSUE-200 |
CLOSED |
Should an AA security indication include all elements in the evaluation, or just the top document |
2008-05-13 |
wsc-xit |
0 |
ISSUE-201 |
CLOSED |
Status recording for revocation checks? |
2008-05-13 |
wsc-xit |
0 |
ISSUE-202 |
CLOSED |
Conformance model section makes outdated assumption about spec content |
2008-05-13 |
wsc-xit |
0 |
ISSUE-203 securityconsiderations |
CLOSED |
Update Security Considerations |
2008-05-14 |
wsc-xit |
0 |
ISSUE-204 nosqbrackets |
CLOSED |
Drop square brackets in section 6.1.1 |
2008-05-14 |
wsc-xit |
0 |
ISSUE-205 OCSP Failure Risk |
CLOSED |
Add security consideration for OCSP failure |
2008-05-14 |
wsc-xit |
0 |
ISSUE-206 Smartphones |
CLOSED |
Smartphone Considerations |
2008-05-14 |
wsc-xit |
0 |
ISSUE-207 identity, not security |
CLOSED |
Add Section 9.3 - Certificates assure identity, not security |
2008-05-14 |
wsc-xit |
0 |
ISSUE-208 human readable names |
CLOSED |
Add security consideration for "human readable" names - e.g. petnames |
2008-05-14 |
wsc-xit |
0 |
ISSUE-209 Typos |
CLOSED |
Spellchecking time |
2008-05-14 |
wsc-xit |
0 |
ISSUE-210 Warning Fatigue |
CLOSED |
Add section 9.5 - Warning Fatigue |
2008-05-14 |
wsc-xit |
0 |
ISSUE-211 Derived secrets SHOULD |
CLOSED |
Make 8.3 SHOULD not must |
2008-05-14 |
wsc-xit-past-062008 |
0 |
ISSUE-212 low chrome |
CLOSED |
devices and low-chrome mode |
2008-05-14 |
wsc-xit |
0 |
ISSUE-213 rfc5280 |
CLOSED |
Reference update from RFC 3280 to RFC 5280 |
2008-08-04 |
wsc-xit |
0 |
ISSUE-214 |
CLOSED |
editorial: reference to relaxed path validation |
2008-08-13 |
wsc-xit |
0 |
ISSUE-215 |
CLOSED |
Clarify "positive form of identity" language in 6.1.1 |
2008-08-20 |
wsc-xit |
0 |
ISSUE-216 |
CLOSED |
What information should be shown in the identity signal if no human readable information except for domain names is available? (6.1.1, LC-2088) |
2008-09-24 |
wsc-xit |
0 |
ISSUE-217 |
CLOSED |
Clarify whether identity signal is in EITHER primary or secondary chrome, or does it span BOTH, and if BOTH how does it affect the text |
2008-10-23 |
wsc-xit |
0 |
ISSUE-218 |
CLOSED |
6.2.G needs clarification and (possibly) removal of reference to "strong" / "weak"; include "strength"? |
2008-10-23 |
wsc-xit |
0 |
ISSUE-219 |
CLOSED |
Clarifiy in 6.2. that other sources means places other than just the security indicators |
2008-10-23 |
wsc-xit |
0 |
ISSUE-220 |
CLOSED |
Clarifiy 6.2.N to mean that the connection was authenticated by a trusted source |
2008-10-23 |
wsc-xit |
0 |
ISSUE-221 |
CLOSED |
Re-incorporate 6.4.2.B text as appropriate into 7.4.3 |
2008-10-24 |
wsc-xit |
0 |
ISSUE-222 |
CLOSED |
Clarify 6.4.3.G to be clear that we want one of the options to be recommended, not that we want exactly one option and one option only |
2008-10-24 |
wsc-xit |
0 |
ISSUE-223 |
CLOSED |
Make 7.1.2.B understandable |
2008-10-24 |
wsc-xit |
0 |
ISSUE-224 |
CLOSED |
The notion of "base domain" is undefined (section 5.1.6) |
2008-12-03 |
wsc-xit |
0 |
ISSUE-225 |
CLOSED |
How to deal with broken TLS on inline content and XMLHttpRequest |
2009-04-15 |
|
0 |
ISSUE-226 |
CLOSED |
Deal with the comment about the desparity between spec and use cases documents |
2009-05-06 |
|
0 |
ISSUE-227 |
CLOSED |
Terminology issues |
2009-09-21 |
wsc-xit |
0 |
ISSUE-228 |
CLOSED |
Editorial against 7.4.1 (obscuring or disabling security UI) |
2009-09-21 |
wsc-xit |
0 |
ISSUE-229 |
CLOSED |
Scope of specification: apply to widget user agents? |
2009-09-21 |
wsc-xit |
0 |
ISSUE-230 |
CLOSED |
Clarifications for 7.4.2 (software installation) |
2009-09-21 |
wsc-xit |
0 |
ISSUE-231 |
CLOSED |
Clarify meaning of "programmatic interface" |
2009-09-21 |
wsc-xit |
0 |
ISSUE-232 |
CLOSED |
Clarifications for 7.4.1 (Obscuring or disabling Security User Interfaces) |
2009-09-21 |
wsc-xit |
0 |
ISSUE-233 |
CLOSED |
Provide rationale for bookmarking API section (7.4.3) |
2009-09-21 |
wsc-xit |
0 |
ISSUE-234 |
CLOSED |
Clarify 7.4.4 (pop-up APIs) |
2009-09-21 |
wsc-xit |
0 |
ISSUE-235 |
CLOSED |
Use of MUST in section 7 |
2009-09-21 |
wsc-xit |
0 |
ISSUE-236 |
CLOSED |
Drop redirection chain section (5.4.3) |
2010-02-22 |
wsc-xit |
0 |
ISSUE-237 |
CLOSED |
Augmented Assurance Certificate Elements |
2010-02-22 |
wsc-xit |
0 |
ISSUE-238 |
CLOSED |
Clarify introductory sentence in 6.2 |
2010-02-22 |
wsc-xit |
0 |
ISSUE-239 |
CLOSED |
Consistent presentation of secondary security context information |
2010-02-22 |
wsc-xit |
0 |
ISSUE-240 |
CLOSED |
Clarify "protection level represented by the TLS indicator" |
2010-02-22 |
wsc-xit |
0 |
ISSUE-241 |
CLOSED |
TLS indicator in primary chrome |
2010-02-22 |
wsc-xit |
0 |
ISSUE-242 |
CLOSED |
Change introduction sentences in 6.4.2 and 6.4.3 into context, not conformance |
2010-02-22 |
wsc-xit |
0 |
ISSUE-243 |
CLOSED |
Pre-consent to software installation not implemented |
2010-02-22 |
wsc-xit |
0 |
ISSUE-244 |
CLOSED |
UI conformance criteria for TLS indicator and Identity Signal |
2010-02-22 |
wsc-xit |
0 |
ISSUE-245 |
CLOSED |
Do not require HTTPS URI for strong TLS protection |
2010-04-09 |
|
0 |
ISSUE-246 |
CLOSED |
Returning to previous User Agent State might not be possible |
2010-04-10 |
wsc-xit |
0 |
ISSUE-247 |
CLOSED |
Mixing content and UI |
2010-04-10 |
wsc-xit |
0 |