- From: Thomas Roessler <tlr@w3.org>
- Date: Sun, 11 Jan 2009 15:00:51 +0100
- To: WSC WG <public-wsc-wg@w3.org>
An updated editor's draft is available: http://www.w3.org/2006/WSC/Drafts/rec/rewrite.html Web Security Context: User Interface Guidelines Editor's Draft 11 January 2009 $Revision: 1.280 $ $Date: 2009/01/11 13:59:50 $ Changes: - ACTION-550: Incorporate ACTION-525 text into editor's draft The following text was added to the end of the EV/AA cert section: > Note: Should certificates arise in the future that provide strong > assurance of the holder's identity, but do not include an > organization attribute, then user agents can make use of the > additional assurance level and identity information without > violating this specification. Such future certificates could, for > example, include high assurance certificates for individuals. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#sec-evcert - ACTION-551: Put second option from ACTION-538 into editor's draft (This got minuted as "... from ACTION-550", which was nonsense.) The following text: > Whether a Web page is TLS-protected, whether the protection is weak > or strong, and the reasons for the value of the protection. was changed to this: > * What protection level is represented by the [ref TLS indicator]; > * If the Web page is [ref weakly] TLS-protected, then, what > conditions cause the protection to be weak (e.g., bad algorithms, > mixed content, ...) http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#pageinfo-weak - ACTION-552: Put text from ACTION-539 into editor's draft. See: http://lists.w3.org/Archives/Public/public-wsc-wg/2009Jan/0001.html - ACTION-553: Take change from http://lists.w3.org/Archives/Public/public-wsc-wg/2009Jan/0002.html into draft - ACTION-554: Take mez's intro section into the document, modulo the guidelines intending stuff, and core PKI technologies being used on the Web. (See separate note.) - ACTION-555: Send e-mail with proposed update to petnames proposal along lines of discussion above. See separate note. The change I propose is in the new editor's draft. - ACTION-556: Put in reference to Marc Stiegler's petname paper. - ACTION-557: Replace par 2 of 6.1.1 with this text: > If the identity signal is available, it MUST be part of primary user > interface when any identity sources that are from unauthenticated or > untrusted sources are (also) part of the primary user interface. > These sources include URLs. - ACTION-558: Include change from http://lists.w3.org/Archives/Public/public-wsc-wg/2008Sep/0013.html These were the references to TLSv12 -- I suggested what to do in September, but apparently never did it. Fixed now. - ACTION-559: Clarify OID / OOB designation issue in beginning of 5.1.2, see 9/24 minutes and LC-2088 I've shuffled the text around a bit, to make things more clear. Please have a look here: http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#sec-evcert Regards, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Sunday, 11 January 2009 14:01:01 UTC