Re: Summary of "What is a secure page?" discussion, first draft from Mary Ellen Zurko on 2007-04-25 (public-wsc-wg@w3.org from April 2007)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Wed, 25 Apr 2007 09:19:53 -0400
To: yngve@opera.com
Cc: "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
Message-ID: <OFE6276316.B4E69AF8-ON852572C8.00485B86-852572C8.00493A45@LocalDomain>

Hi Yngve, 

> Criteria currently used by clients (clients may use a selection)
> 
>     - Symmetric encryption strength used by the connection
>     - Strength of authentication used by server (such as public key 
length
> and certificate chain)
>     - Security of the protocol
>     - Sequence of redirects used to get to the document
>     - The security of documents loaded as part of the document
>     - The security of resources loaded by external software (plugins, 
Java)
> through the client

How does this last item work in current security display criteria? What's 
taken into consideration? 

> Criteria some think should be included
> 
>     - Information about the service's reputation
>     - Previously registered information about the server
>     - Is the document using content from third party services?

How would that last one get taken into account? What data is available on 
that today? Or is that a pure futures statement?


Nice writeup. In some of the sections, I'm not 100% sure how all of the 
details tie into our charter. But I think that will become clear as we 
flesh out what security context information should be displayed, and how, 
and how it should be protected. 

ACTION-178, for tracker

Received on Wednesday, 25 April 2007 13:19:56 UTC