W3C home > Mailing lists > Public > public-wsc-wg@w3.org > December 2007

Re: Linking certs

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Sun, 23 Dec 2007 17:11:40 +0000
Message-ID: <476E96CC.2080102@cs.tcd.ie>
To: Ian Fette <ifette@google.com>
CC: W3 Work Group <public-wsc-wg@w3.org>

Ian Fette wrote:
> It seems to me like we are getting way beyond the scope of this group,

Yes, the proposed extension will be processed (or not) in the IETF.
This group should more-or-less ignore it, same as with the no-
interaction certs idea, and for much the same reason.

> and personally I don't see the value of what we're discussing in a
> broader sense. What matters in the current world of SSL is that the
> given cert is valid for the given site. We're talking about all sorts of

All sorts? Bit of an exaggeration, maybe.

> extensions just to support an edge case in a new form-filler that may or
> may not ever see broad adoption. If, under the best of cases, it does
> see adoption but the cert continuity part is left out, what's the worst
> that can happen? The user has to re-type their username and password?
> Given the strict matching of this mechanism, it seems to me like the
> user will be re-typing their information a lot anyways, and so what's
> one more re-type every two years?

Maybe. The fact that this hasn't been needed so far does indicate that
its probably a corner case all right. OTOH, I reckon that it might be
useful enough to bother producing an RFC.

> It seems like we're climbing down a giant rathole with no pot-of-gold in
> sight...

Nope. Only if we misunderstood the various processes involved.

Happy holidays,
Received on Sunday, 23 December 2007 17:11:42 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:14:19 UTC