W3C home > Mailing lists > Public > public-wsc-wg@w3.org > December 2007

Re: Agenda: WSC WG distributed meeting, Wednesday, 2007-12-19

From: Thomas Roessler <tlr@w3.org>
Date: Wed, 19 Dec 2007 15:45:36 +0100
To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Cc: public-wsc-wg@w3.org
Message-ID: <20071219144536.GB414@iCoaster.does-not-exist.org>

On 2007-12-18 09:21:31 -0500, Mary Ellen Zurko wrote:

> 8) ISSUE-122 - Safe Form Bar: CA Practice Assumptions
> http://www.w3.org/2006/WSC/track/issues/122
> This seems to have no next steps. And in my review, this issue didn't make 
> sense to me. So let's clarify, and determine next steps. 

The issue specifically refers to this paragraph:

  http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#safebar-comparecn

  Both the first check in the matching algorithm and the second to
  last, which compares the "CN" attributes of the certificates'
  subject fields, provide a means to transparently update an
  organization's name and address. To change this certificate
  information, an organization acquires a certificate chain that
  specifies the updated information, but matches against one of
  these earlier checks.

I don't know that any existing CAs would actually make use of that
mechanism, so a reality check here would seem to be warranted.

> 9) ISSUE-123 - Safe Form Bar: HTTP assumptions in "no TLS" section
> http://www.w3.org/2006/WSC/track/issues/123
> No obvious next steps. We'll figure out what they are. 

Probably getting some appropriate review, like, from the TAG.  It's
not at all clear that "simply" swapping URI schemes is a sound
practice to recommend.

-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Wednesday, 19 December 2007 14:45:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:55 GMT