- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Thu, 9 Aug 2007 09:55:40 -0400
- To: Thomas Roessler <tlr@w3.org>
- Cc: public-wsc-wg@w3.org
Well sure, if I read the whole thing. :)

Apologies,

J

On 9-Aug-07, at 8:37 AM, Thomas Roessler wrote:

> On 2007-08-08 15:02:51 -0400, Johnathan Nightingale wrote:
>
>> That clause was mostly intended as preventative medicine against
>> cynical implementors who declare conformance by surfacing
>> identity information, but who make no attempt to assess the
>> quality of that information even as far as "CAs we trust vs. CAs
>> we don't vs. Self-signed."
>
> Isn't that aspect covered by this language in the current editor's
> draft?
>
> @@Web Security Context@@
> Editor's Draft $Date: 2007/08/08 18:21:55 $
>
> 5.1.2 Identity Signal Content
>
> "Information displayed in the identity signal MUST be derived from
> attested certificates, from user agent state, or be otherwise
> authenticated. Web user agents MUST NOT use information as part of
> the [[ identity signal ]] that is taken from unauthenticated or
> untrusted sources."
>
> ...
>
> -- http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#signal-content
>
> Cheers,
> --
> Thomas Roessler, W3C <tlr@w3.org>

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com

Received on Thursday, 9 August 2007 13:55:57 UTC