Re: ISSUE-106 (cert/URL matching): We need to define details of cert/URL matching [Techniques] from Thomas Roessler on 2007-09-02 (public-wsc-wg@w3.org from September 2007)

From: Thomas Roessler <tlr@w3.org>
Date: Sun, 2 Sep 2007 10:15:58 +0200
To: stephen.farrell@cs.tcd.ie
Cc: public-wsc-wg@w3.org
Message-ID: <20070902081558.GO3497@raktajino.does-not-exist.org>

On 2007-08-29 15:52:11 +0000, Web Security Context Working Group
Issue Tracker wrote:

> ISSUE-106 (cert/URL matching): We need to define details of
> cert/URL matching [Techniques]

> http://www.w3.org/2006/WSC/track/issues/

> Raised by: Stephen Farrell
> On product: Techniques

> If we are react to certs that don't match a URL then we need a
> well defined matching rule

So, we say that "if cert doesn't match, blah blah, then..." -- for
that, the rules in RFC 2818 (https) combined with RFC 3280 (pkix)
would seem to be sufficient.

Are you suggesting that we just reference these two documents, or do
you have something deeper in mind?

Thanks,
-- 
Thomas Roessler, W3C  <tlr@w3.org>

Received on Sunday, 2 September 2007 08:16:00 UTC