What is a secure page?
I’m afraid my primary viewpoint concerns application-to-application protocols like HTTPS/TLS/SSL vs. HTTP, without any knowlegde about the underlying system (which have to be considered untrusted). I think VPN (or IPSec,etc.) cannot be considered part of this question, because 1) it’s use is unknown to the application types (I think) we are considering, and 2) it is a network-to-network connectivity which does not provide any protection against eavesdropping inside either of the end networks, but only secures the connection between the two networks. Likewise, I also think document loaded via the file system is out of scope because, depending on your operating system, it is not possible to tell if a resource is really served by another computer and whether or not that connection is secure. OTOH, security of temporary files (such as cache) might be an issue, but websites can control this to some extent using Cache-Control directives. What this is about is the security of the client’s con
• 2.1 Document the status quo This section presents the parameters currently used by clients to determine how secure a document is. It also presents some thought about how users interprete the security indicator(s) in the clients, and how websites use the user’s interpretation to convey an appearance of security.
Related Questions
- Under Internet Explorer, users complain that they see a pop-up message saying This page contains both secure and nonsecure items, how do I get rid of this?
- When I go to subscribe or unsubscribe, I am taken to a page that doesn look like RuneScape. Is it secure?
- When I go to subscribe or unsubscribe, I go to a page that doesn look like FunOrb. Is it secure?
