W3C home > Mailing lists > Public > public-wsc-wg@w3.org > April 2007

No Padlock OID

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Sun, 22 Apr 2007 07:01:13 -0700
Message-ID: <198A730C2044DE4A96749D13E167AD370124CB09@MOU1WNEXMB04.vcorp.ad.vrsn.com>
To: <public-wsc-wg@w3.org>
One of the main problems we face with certificates is that the padlock conflates encryption and authentication.
 
There are many applications where we want encryption but we do not want to authenticate the certificate subject beyond domain level assurance, in VeriSign terms a class 1 certificate, SSL is normally class 3 or 3+EV.
 
Would the browser providers be prepared to support an OID which would disable the padlock display? Such a certificate would respond to https and turn on encryption, but without a padlock.
 
 
The objective here is to support embedded devices like coffee pots and house cleaning robots where we want communication to the device to be encrypted but not pay for the level of authentication that would be required to issue a merchant certificate.
 
 
Received on Sunday, 22 April 2007 14:01:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:47 GMT