- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 29 Aug 2007 17:55:48 +0200
- To: public-wsc-wg@w3.org
forwarded with permission -- Thomas Roessler, W3C <tlr@w3.org> ----- Forwarded message from "Yngve N. Pettersen" <yngve@opera.com> ----- From: "Yngve N. Pettersen" <yngve@opera.com> To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>, Thomas Roessler <tlr@w3.org> Date: Tue, 21 Aug 2007 08:58:03 -0700 Subject: TLS protected draft X-Spam-Level: Organization: Opera Software ASA X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.5 Hi, http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#tlsforweb Just noticed this in the draft the server used a trusted certificate that matches the dereferenced URI One of the hostnames identfied in the certificate must match the hostname of the URI. Another thing is that I am not aware of any client using Upgrade of HTTP to TLS. "weakly TLS-protected": IMO, weak public keys anywhere in the certificate chain should be directly mentioned, too -- Sincerely, Yngve N. Pettersen ******************************************************************** Senior Developer Email: yngve@opera.com Opera Software ASA http://www.opera.com/ Phone: +47 24 16 42 60 Fax: +47 24 16 40 01 ******************************************************************** ----- End forwarded message -----
Received on Wednesday, 29 August 2007 15:55:55 UTC