[] (0) Mention the case of a previously-CA-signed-cert page turning i…

…nto a self-signed-cert page. git-svn-id: http://svn.whatwg.org/webapps@3495 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Jul 29, 2009 · 06b943a · 06b943a
1 parent 4c8afb9
commit 06b943a
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/index b/index
@@ -4982,6 +4982,11 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
   erroneous certificates or must act as if such resources were in fact
   served with no encryption.</p>
 
+  <p>User agents should warn the user that there is a potential
+  problem whenever the user visits a page that the user has previously
+  visited, if the page uses less secure encryption on the second
+  visit.</p>
+
   <p>Not doing so can result in users not noticing man-in-the-middle
   attacks.</p>
 
@@ -5003,6 +5008,12 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
    from a different host and only apply man-in-the-middle attacks to
    that host, for example taking over scripts in the page.</p>
 
+   <p>If a user bookmarks a site that uses a CA-signed certificate,
+   and then later revisits that site directly but the site has started
+   using a self-signed certificate, the user agent could warn the user
+   that a man-in-the-middle attack is likely underway, instead of
+   simply acting as if the page was not encrypted.</p>
+
   </div>
 
 

diff --git a/source b/source
@@ -4664,6 +4664,11 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
   erroneous certificates or must act as if such resources were in fact
   served with no encryption.</p>
 
+  <p>User agents should warn the user that there is a potential
+  problem whenever the user visits a page that the user has previously
+  visited, if the page uses less secure encryption on the second
+  visit.</p>
+
   <p>Not doing so can result in users not noticing man-in-the-middle
   attacks.</p>
 
@@ -4685,6 +4690,12 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
    from a different host and only apply man-in-the-middle attacks to
    that host, for example taking over scripts in the page.</p>
 
+   <p>If a user bookmarks a site that uses a CA-signed certificate,
+   and then later revisits that site directly but the site has started
+   using a self-signed certificate, the user agent could warn the user
+   that a man-in-the-middle attack is likely underway, instead of
+   simply acting as if the page was not encrypted.</p>
+
   </div>