
Change on invalid HTTPS certificates

From: Francois Daoust <fd@w3.org>
Date: Tue, 28 Oct 2008 15:38:20 +0100
Message-ID: <490723DC.1090908@w3.org>
To: public-mobileok-checker <public-mobileok-checker@w3.org>

Hi guys,

We resolved to move forward the mobileOK Basic Tests 1.0 specification 
without the change on the mobileOK Checker, but that doesn't mean we 
should not implement the change...

The new section to implement is:
http://www.w3.org/2005/MWI/BPWG/Group/Drafts/mobileOK-Basic-1.0-Tests/081018#https

1/ arbitrary root certificates should not trigger any error. Actually, I 
wonder if the recursive search for self-signed certificates we already 
have is not enough. I think it is.

2/ the certificate should be checked against the host name of the 
requested URI and return an HTTPS-1 FAIL message if both don't match. 
AFAICT, this is simply not done or at least not caught. I'm not sure 
what's the easiest way to do that.

3/ HTTPS-2 and HTTPS-3 messages are to replace HTTP_RESPONSE-2 and 
HTTP_RESPONSE-3. OK, this one should be easy ;-)

Anyone willing to move this forward?

Francois.
Received on Tuesday, 28 October 2008 14:38:54 GMT
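
One way to do the host name check from item 2, as an added example that is not part of the original message or of the mobileOK Checker code. Assumptions: the certificate is a dict in the shape Python's `ssl.SSLSocket.getpeercert()` returns, the matching rules (subjectAltName first, commonName only as fallback, wildcard only as the whole left-most label) follow common RFC 6125-style practice rather than anything stated in the message, and all function names and the message text are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "legacy.example.net"),),),
    "subjectAltName": (("DNS", "example.org"), ("DNS", "*.example.org"),
                       ("IP Address", "192.0.2.10")),
}

def _dns_match(pattern, host):
    """Compare one certificate DNS name with the host, label by label."""
    p, h = pattern.rstrip(".").split("."), host.rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Wildcard only as the whole left-most label, never "*.com".
        return len(p) >= 3 and "*" not in pattern[1:] and p[1:] == h[1:]
    return "*" not in pattern and p == h

def _as_ip(text):
    """Return an ipaddress object, or None when text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def cert_matches_host(cert, host):
    san = cert.get("subjectAltName", ())
    ip = _as_ip(host)
    if ip is not None:
        # IP-literal hosts match iPAddress entries only, never DNS names.
        return any(_as_ip(v) == ip for k, v in san if k == "IP Address")
    names = [v.lower() for k, v in san if k == "DNS"]
    if not names:
        # Fall back to commonName only when no dNSName entry exists.
        names = [v.lower() for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(_dns_match(n, host) for n in names)

def check_https_1(uri, cert):
    """Return None on a match, otherwise the HTTPS-1 FAIL message text."""
    host = (urlsplit(uri).hostname or "").lower()
    if host and cert_matches_host(cert, host):
        return None
    return "HTTPS-1 FAIL: certificate does not match host '%s'" % host
```
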
