This section now appears in the draft Note Out of scope section.

(A sub-section of the NoteIndex) [Mez drafted the original list; other contributions welcome.]

This page lists specific technical artifacts, like protocols or software components, that will not be the subject of any Working Group documents.

Out of scope

Content blocking

The Working Group will only create recommendations on the presentation of security context information and not on how that information must be acted upon. Recommended presentation techniques should facilitate and encourage safe browsing by users, but must not prevent the user from interacting with a web resource, even if an attack is suspected.

New security context information

The Working Group will neither create nor extend any protocol or data format, nor create recommendations for protocols or data formats that are not yet widely deployed. Recommendations will only be made for the presentation of currently deployed security context information.

Content based detection

Techniques commonly used by intrusion detection systems, virus checkers and spam filters to detect illegitimate requests based on their content are out of scope for this Working Group. These techniques include comparing the served URLs, graphics or markup to known legitimate sites, or to known attacks. The heuristics used in these tools are a moving target and so not a suitable subject for standardization. The Working Group will not recommend any checks on the content served by web sites.

Malware-infected systems (proposed, not final)

When a computer has been infected by malware, it is possible for the network stack or local trust systems to become compromised. The Working Group will not consider these cases when making recommendations, and will assume that the user agent has a trusted connection to the platform's networking stack.