ACTION-284: Trusted Certs

In addition there is Action 113: Terminology around "trusted" certificates is misleading and needs to be corrected. Relates to ACTION-284.
 
There are a couple of starting issues here.
 
First 4.1 starts:
 
The most common mechanism for applying TLS to the Web is the use of the https URI scheme [RFC2818] <http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#ref-RFC2818>; the alternative upgrade mechanism [RFC2817] <http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#ref-RFC2817> is used rarely, if at all. For the purposes of this specification, the most relevant property of [RFC2818] <http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#ref-RFC2818> is that the URI used to identify a resource includes an assertion that use of TLS is desired.
 
I think we need to start by rephrasing this:
 
The https URI scheme [2818] requires the use of HTTP over TLS transport. The TLS upgrade mechanism [RFC2817] allows TLS transport to be used as an option with a http: scheme URI but this feature is rarely used.
 
 
[I don't think we need to state what is or is not relevant here. I can imagine that HTTP upgrade could be very relevant when we are talking about self signed certs and the like.]
 
 

"An HTTP transaction is TLS-protected"

[I don't think we should use the term protected here if we include use of NULL, TLS-Transported sounds more accurate]

"4.3.7 Trusted Certificates <http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#sec-trusted-certificates> "

I think here we have to insist on the distinction between trustED and trustWORTHY.

A trusted certificate is simply any certificate that meets the trust criteria for a relying party. 

Where the language goes wrong is that half is -ED and half -WORTHY. I think we need to define both terms. This is particularly important since the sets are disjoint, a -WORTHY certificate is not always -ED and vice versa.

For example an EV cert is not automatically qualified for the federal bridge CA. 

 

I think we need to define both terms as follows:

 

TRUSTED = Any certificate that is in the client's circle of trust for whatever reason

TRUSTWORTHY = A certificate issued in accordance with practices that reliably establish a degree of Identity/accountability that sufficiently mitigates risk for a particular purpose. Examples include Augmented Assurance.

The term trusted is thus an objective statement of fact: Alice may be a pinhead but if she trusts Mallet, Mallet is TrustED. Trustworthy is a subjective term that is always relative to a particular purpose.

 

I would like some discussion before I try to wordsmith further. 

 

Received on Friday, 12 October 2007 15:50:10 UTC