W3C home > Mailing lists > Public > public-mobileok-checker@w3.org > October 2008

RE: Change on invalid HTTPS certificates

From: Abel Rionda <abel.rionda@fundacionctic.org>
Date: Tue, 28 Oct 2008 18:10:55 +0100
Message-ID: <09700B613C4DD84FA9F2FEA52188281904A79D0F@ayalga.fundacionctic.org>
To: "Francois Daoust" <fd@w3.org>, "public-mobileok-checker" <public-mobileok-checker@w3.org>

Hi Francois,

Yep, Miguel and I will take care of it. We can not
promise a specific date for having this due to our
work duties, but I think that we can implement it within 
the next two weeks.

Best Regards,
Abel.

-----Mensaje original-----
De: public-mobileok-checker-request@w3.org
[mailto:public-mobileok-checker-request@w3.org] En nombre de Francois
Daoust
Enviado el: martes, 28 de octubre de 2008 15:38
Para: public-mobileok-checker
Asunto: Change on invalid HTTPS certificates


Hi guys,

We resolved to move forward the mobileOK Basic Tests 1.0 specification 
without the change on the mobileOK Checker, but that doesn't mean we 
should not implement the change...

The new section to implement is:
http://www.w3.org/2005/MWI/BPWG/Group/Drafts/mobileOK-Basic-1.0-Tests/08
1018#https

1/ arbitrary root certificates should not trigger any error. Actually, I

wonder if the recursive search for self-signed certificates we already 
have is not enough. I think it is.

2/ the certificate should be checked against the host name of the 
requested URI and return an HTTPS-1 FAIL message if both don't match. 
AFAICT, this is simply not done or at least not caught. I'm not sure 
what's the easiest way to do that.

3/ HTTPS-2 and HTTPS-3 messages are to replace HTTP_RESPONSE-2 and 
HTTP_RESPONSE-3. OK, this one should be easy ;-)

Anyone willing to move this forward?

Francois.
Received on Tuesday, 28 October 2008 17:10:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 28 October 2008 17:10:59 GMT