- From: Thomas Roessler <tlr@w3.org>
- Date: Sat, 8 Mar 2008 13:03:23 +0100
- To: mzurko@us.ibm.com
- Cc: public-wsc-wg@w3.org
On 2008-03-07 22:15:23 +0100, Thomas Roessler wrote:
> > A certificate that is [Definition: pinned] to a destination will be
> > treated similar (but not identical) to a validated certificate in
> > interactions defined elsewhere in this specification.
>
> Or rather, make the line less confusing. ;-)

Rephrased:

<p>If a Web site consistently presents the same self-signed certificate to a client, then this can be strong evidence that protection against an active attacker has been achieved as well. Conversely, a change of self-signed certificates for the same site can be evidence that a man in the middle attack occurs -- or it can be a symptom that the legitimate site has changed to a different self-signed certificate.</p>

<p>Web user agents MAY offer pinning a self-signed certificate to a particular Web site, to enable behavior based on recorded state about self-signed certificates shown previously by the same site. Such behavior includes, e.g., warning users about changes of such certificates, and not showing warning messages if a site shows a certificate consistent with previous visits.</p>

<p>The notification of this possibility SHOULD follow the requirements for Notification and Status Indicator as defined in <specref ref="error-notif"/>. This interaction SHOULD NOT cause a self-signed certificate to be pinned to more than one site, identified through URI scheme, domain, and port.</p>

Hope that improves things a bit.

--
Thomas Roessler, W3C <tlr@w3.org>
Received on Saturday, 8 March 2008 12:03:31 UTC
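The pinning behaviour proposed in the message above, written out as an added illustration (not code from the draft or from W3C): a store keyed by (URI scheme, domain, port) that records the self-signed certificate first seen, reports a consistent certificate on later visits, flags a changed certificate so the user agent can warn, and refuses to pin a certificate already pinned to another site. The certificate bytes and site names are constructed stand-ins.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class PinStore:
    """Records the self-signed certificate last seen for each site.
    A site is identified by (URI scheme, domain, port), as the proposed text requires.
    """
    # (scheme, host, port) -> SHA-256 fingerprint of the DER-encoded certificate
    pins: dict = field(default_factory=dict)

    @staticmethod
    def fingerprint(der_cert: bytes) -> str:
        return hashlib.sha256(der_cert).hexdigest()

    def observe(self, scheme: str, host: str, port: int, der_cert: bytes) -> str:
        """Classify a certificate presented by a site. Returns one of:
          'pinned'     - first visit; certificate recorded for this site
          'consistent' - same certificate as on previous visits; no warning needed
          'changed'    - differs from the pinned certificate; warn the user
          'refused'    - certificate already pinned to a different site; not pinned here
        """
        site = (scheme.lower(), host.lower(), port)
        fp = self.fingerprint(der_cert)
        pinned = self.pins.get(site)
        if pinned is None:
            # SHOULD NOT pin one self-signed certificate to more than one site
            if fp in self.pins.values():
                return "refused"
            self.pins[site] = fp
            return "pinned"
        return "consistent" if pinned == fp else "changed"


def demo() -> list:
    """Walk one store through the cases the proposed text describes."""
    store = PinStore()
    cert_a = b"CONSTRUCTED-SELF-SIGNED-CERT-A"  # stand-in for DER bytes
    cert_b = b"CONSTRUCTED-SELF-SIGNED-CERT-B"
    return [
        store.observe("https", "example.test", 443, cert_a),   # pinned
        store.observe("https", "example.test", 443, cert_a),   # consistent
        store.observe("https", "example.test", 443, cert_b),   # changed: warn
        store.observe("https", "other.test", 443, cert_a),     # refused
        store.observe("https", "example.test", 8443, cert_b),  # pinned: other port is another site
    ]
```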