
Re: ACTION-272: self-signed certificates

From: Thomas Roessler <tlr@w3.org>
Date: Mon, 30 Jul 2007 18:24:50 -0400
To: Serge Egelman <egelman@cs.cmu.edu>
Cc: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>, public-wsc-wg@w3.org
Message-ID: <20070730222450.GH2974@raktajino.does-not-exist.org>

On 2007-07-30 18:17:10 -0400, Serge Egelman wrote:

> And again, how is the self-signed certificate any more
> trustworthy than a low-assurance certificate?  It would seem that
> the best solution should be to *only* keep track of consistency.

What's your definition of low-assurance?  "unknown CA"?

(In fact, you're probably right that the same unknown-CA cert seen
over an extended amount of time should be seen as as good as a
self-signed one, and be subject to the same kind of consistency
tracking.)

Cheers,
-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Monday, 30 July 2007 22:24:51 GMT
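
The consistency tracking discussed in this message, sketched as an added example (not code from the thread or the working group): self-signed and unknown-CA certificates are pinned by fingerprint in the same way, and the verdict depends only on whether the same certificate keeps appearing. The 30-day threshold, the status labels and the class and function names are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

# Assumption: "an extended amount of time" is modelled as 30 days;
# the thread does not give a number.
ESTABLISHED_AFTER = 30 * 24 * 3600
# Hypothetical status labels: both kinds of certificate without a
# trusted issuer go through the same tracking.
TRACKED = {"self-signed", "unknown-ca"}


@dataclass
class Pin:
    fingerprint: str
    first_seen: float
    last_seen: float


class ConsistencyTracker:
    def __init__(self):
        self.pins = {}  # (host, port) -> Pin

    def observe(self, host, port, cert_der, status, now):
        """Return 'first-seen', 'recent', 'established' or 'changed'."""
        if status not in TRACKED:
            raise ValueError(f"not a tracked certificate status: {status}")
        fp = hashlib.sha256(cert_der).hexdigest()
        key = (host.lower(), port)
        pin = self.pins.get(key)
        if pin is None:
            self.pins[key] = Pin(fp, now, now)
            return "first-seen"
        if pin.fingerprint != fp:
            # Keep the old pin: a changed certificate needs a decision
            # before it replaces the one seen so far.
            return "changed"
        pin.last_seen = now
        age = now - pin.first_seen
        return "established" if age >= ESTABLISHED_AFTER else "recent"


if __name__ == "__main__":
    DAY = 86400
    tracker = ConsistencyTracker()
    cert_a = b"constructed stand-in for DER certificate A"
    cert_b = b"constructed stand-in for DER certificate B"
    for day, cert in [(0, cert_a), (5, cert_a), (31, cert_a), (32, cert_b)]:
        verdict = tracker.observe("example.test", 443, cert, "unknown-ca", day * DAY)
        print(day, verdict)
```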
