W3C home > Mailing lists > Public > public-wsc-wg@w3.org > May 2008

Re: ISSUE-169 Section 5.5.3 creates a burden on browsers to remember past certificates

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Fri, 09 May 2008 14:34:06 +0100
Message-ID: <482452CE.1090303@cs.tcd.ie>
To: Johnathan Nightingale <johnath@mozilla.com>
CC: Thomas Roessler <tlr@w3.org>, W3C WSC W3C WSC Public <public-wsc-wg@w3.org>

Johnathan Nightingale wrote:
> Hey Thomas,
> The text below was proposed by me, and is in the document, and is 
> probably enough to close the issue.  But in side conversations with Mez, 
> I ruminated over the fact that it's not clear to me whether this 
> renders, e.g., Firefox 3 non-compliant.  I *think* we'd be fine, because 
> this line seems to carry the day:
>>> The requirements in this section do not require user agents to
>>>  store information about past interactions longer than they
>>>  otherwise would.
> But the thing is, we DO store plenty of information about past 
> interactions: browsing history, bookmarks, saved passwords, cookies, as 
> examples.  But we do NOT store historical TLS information. I *think* 
 > that's still okay, ...

Have to say that that interpretation didn't occur to me at all,
so I guess, like Thomas, I'd rather that whatever do write down
implies that UAs are to store historical TLS info.

While I can see why an implementer might not be overjoyed with that
change, I don't think that we should limit ourselves to producing
a REC with which current UAs are already compliant.

Received on Friday, 9 May 2008 13:35:32 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:14:21 UTC