W3C home > Mailing lists > Public > public-wsc-wg@w3.org > May 2008

Re: ISSUE-183, ISSUE-169

From: Joe Steele <steele@adobe.com>
Date: Mon, 12 May 2008 15:19:02 -0700
Message-ID: <7E19CB0359C4684887FB8C663DFD71080348A8FC@namail2.corp.adobe.com>
To: <public-wsc-wg@w3.org>
I realized after reading sections 5.1.5 and 5.5.1 again (and again and
again...) that this does not exclude searching an external pinning cache
automatically. I am happy with this, since this is a specific case that
implementers may care about (I certainly do). Mez, please keep reminding
me to read the spec thoroughly before speaking. :-)

 

However a related issue came up - it looks like a user agent can
automatically pin a self-signed certificate to a site which did not
already have a pinned certificate and still be conformant. These are the
relevant bits of text:

 

Section 5.1.5 Self-signed certificate and Untrusted Root Certificates

"If a client is able to automatically accept a self-signed certificate,
or recover from similar problem without user interaction, it MUST NOT do
so unless the client also have a history mechanism about security
information."

 

Section 5.5.1 TLS errors

"3. Otherwise, user agents MAY use error signaling of class notification
to offer pinning ..."

 

Section 6.4.2 Notifications and Status Indicators

"These indicators MAY include user interaction ..."

 

Shouldn't the error signaling be of class warning (section 6.4.3) to
ensure the user must interact to pin a new certificate to the site? This
would be consistent with #2 in section 5.5.1 as well. 

 

After reading through the minutes on the 2/6 teleconference, it looked
like the decision was made to not warn strongly in this case. I am not
clear on why though. It seems like some of the discussion about this was
not captured. Or I am not finding it. :-) Either way I would appreciate
clarification. I remember some discussion of this on the last
teleconference, but I did not capture it in my notes. 

 

BTW - I will be attempting to dial in to Oslo tonight.

 

Joe

 
Received on Monday, 12 May 2008 22:19:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 12 May 2008 22:19:53 GMT