On 2007-12-18 09:21:31 -0500, Mary Ellen Zurko wrote: > 8) ISSUE-122 - Safe Form Bar: CA Practice Assumptions > http://www.w3.org/2006/WSC/track/issues/122 > This seems to have no next steps. And in my review, this issue didn't make > sense to me. So let's clarify, and determine next steps. The issue specifically refers to this paragraph: http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#safebar-comparecn Both the first check in the matching algorithm and the second to last, which compares the "CN" attributes of the certificates' subject fields, provide a means to transparently update an organization's name and address. To change this certificate information, an organization acquires a certificate chain that specifies the updated information, but matches against one of these earlier checks. I don't know that any existing CAs would actually make use of that mechanism, so a reality check here would seem to be warranted. > 9) ISSUE-123 - Safe Form Bar: HTTP assumptions in "no TLS" section > http://www.w3.org/2006/WSC/track/issues/123 > No obvious next steps. We'll figure out what they are. Probably getting some appropriate review, like, from the TAG. It's not at all clear that "simply" swapping URI schemes is a sound practice to recommend. -- Thomas Roessler, W3C <tlr@w3.org>Received on Wednesday, 19 December 2007 14:45:46 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:55 GMT