- From: Timothy Hahn <hahnt@us.ibm.com>
- Date: Mon, 18 Feb 2008 08:00:33 -0500
- To: W3C WSC Public <public-wsc-wg@w3.org>
- Message-ID: <OFBD0BE9A5.D8371D2F-ON852573F3.00464FC9-852573F3.00476B4F@us.ibm.com>
Johnathan,

I agree with the intent of the changes/addition (that user agents not be required to hold historical TLS information indefinitely).

Does the reference to "other browsing history information" cover whatever is bookmarked? My opinion is that for purposes of the added paragraph below, it should. Thus, historical TLS information related to a bookmarked item SHOULD NOT be expunged from a user agent before the bookmark itself is removed.

Regards,
Tim Hahn
IBM Distinguished Engineer
Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565
tie-line: 8/687.1565
fax: 919.224.2530

From: Johnathan Nightingale <johnath@mozilla.com>
To: W3C WSC Public <public-wsc-wg@w3.org>
Date: 02/15/2008 04:52 PM
Subject: ACTION-376: Rewrite 5.5.3 to be more explicit about history tracking

The current normative text in section 5.5.3 reads:

> Web user agents that have found a resource strongly TLS protected
> during past interactions MUST consider an interaction with the same
> resource as a change of security level if that interaction is not
> strongly TLS protected. Web user agents that have found a resource
> strongly TLS protected with an Augmented Assurance Certificate
> SHOULD consider an interaction with the same resource as a change of
> security level if that interaction is not strongly TLS protected
> with an Augmented Assurance Certificate.

The concern I raised was that this seems to imply an obligation on user agents to store certificate history for an indeterminate period of time, and potentially independent of any privacy settings the agent might otherwise support.

For the purposes of addressing this concern, I think the text that is there is basically fine, but just needs to be elaborated on. We want to say that we're not forcing the user agent to store this indefinitely, just that they keep it around *at least as long* as other history information.

I propose adding a new paragraph:

The requirements in this section do not require user agents to store information about past interactions longer than they otherwise would. Historical TLS information stored for the purposes of evaluating changes of security level MAY be expunged from the user agent on the same schedule as other browsing history information. Historical TLS information MUST NOT be expunged prior to other browsing history information.

I believe this completes ACTION-376.

Cheers,

Johnathan

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com
Received on Monday, 18 February 2008 13:00:48 UTC