RE: ACTION-208: "Site Identifying Images in Chrome" display recommendation

Agreed.  I have rewritten the Disruption section accordingly: http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/FavIcon

 
Thanks, Mike

  _____  

From: Mary Ellen Zurko [mailto:Mary_Ellen_Zurko@notesdev.ibm.com] 
Sent: Friday, June 08, 2007 7:23 AM
To: McCormick, Mike
Cc: public-wsc-wg@w3.org
Subject: Re: ACTION-208: "Site Identifying Images in Chrome" display recommendation



"This recommendation addresses the use of site identifying images (e.g., logos) in web agent chrome. Specific implementations addressed are favicons and certificate logos. The use of site identifying images within content (not in chrome) is out of scope. " 
Not out of scope for the WG. And indeed, the "what is a secure page" proposal deals with it. So those two aspects of these proposals should be aligned (merged up in the editor's draft). 

"For these reasons, favicon use on web sites requiring user trust should be considered a security anti-pattern. Favicons undermine the web security context display in two ways. First, they appear to provide security context but in reality do not. Second, they blur the distinction between chrome and content. " 
I think there's a more general statement hiding here. You give all the reasons that favicons are a problem. So that anything that had those attributes would be a problem. That more general recommendation should also be a part of this one. 

I do think there might be Disruptions in this proposal. The Disruptions section is supposed to be for disruptions caused by the proposal. 

          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect




<michael.mccormick@wellsfargo.com> 
Sent by: public-wsc-wg-request@w3.org 

05/19/2007 03:00 AM 

To: <public-wsc-wg@w3.org>
cc:
Subject: ACTION-208: "Site Identifying Images in Chrome" display recommendation

 




I drafted a display recommendation (using the template) that can be found at http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/FavIcon in satisfaction of my action item, which I propose can now be closed.

Michael McCormick, CISSP 
Lead Architect, Information Security Technology 
Wells Fargo Bank 
255 Second Avenue South 
MAC N9301-01J 
Minneapolis MN 55479 
*      612-667-9227 (desk)             *       612-667-7037 (fax) 
( :-)       michael.mccormick@wellsfargo.com (AIM) 
*       612-621-1318 (pager)            *       michael.mccormick@wellsfargo.com <mailto:michael.mccormick@wellsfargo.com>  

"THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF WELLS FARGO"

Received on Saturday, 9 June 2007 06:38:08 UTC