ISSUE-69: New goal--Reduce the number of scenarios in which users\' security depends upon authenticating sites from Web Security Context Issue Tracker on 2007-04-25 (public-wsc-wg@w3.org from April 2007)

From: Web Security Context Issue Tracker <dean+cgi@w3.org>
Date: Wed, 25 Apr 2007 14:38:15 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20070425143815.16C3847BA3@mojo.w3.org>

ISSUE-69: New goal--Reduce the number of scenarios in which users' security depends upon authenticating sites

http://www.w3.org/2006/WSC/Group/track/issues/69

Raised by: Stuart Schechter
On product: Note: use cases etc.

Looking at the goals in Section 2 of the note, I don't see how password
managers, which reduce the likelihood that a user will enter a password into
an impersonation site, would fit into our goals.  MeZ tells me that she
believes there is a rough consensus that are inline with our goals.  Stuart
proposes a new goal between 2.5 and 2.6:

   Title:   "Reduce the number of scenarios in which users' security depends
on their ability to authenticating a site"
   Content: "No matter how well security information is presented, there
will always be users who, in some situations, will behave insecurely even in
the face of harsh warnings.  Thus, the working group will also recommend
ways to reduce the number of situations in which users' security will be
compromised if they fail to recognize an impersonation attack or other
security failure."

Received on Wednesday, 25 April 2007 14:38:16 UTC