Re: ISSUE-237: Augmented Assurance Certificate Elements [wsc-xit]

On 23 Feb 2010, at 00:07, Web Security Context Working Group Issue Tracker wrote:

> 
> ISSUE-237: Augmented Assurance Certificate Elements [wsc-xit]
> 
> http://www.w3.org/2006/WSC/track/issues/237
> 
> Raised by: Thomas Roessler
> On product: wsc-xit
> 
> During CR, it was observed that:
> - implementations commonly display O and CN
> - if O is not present, extended validation certificates are still recognized (against conformance claim III), and CN is displayed
> 
> Proposed:
> 
> - to augment the conformance claim by a statement that identifies "What broadly accepted practices are considered sufficient for a trust anchor to be deemed augmented assurance qualified (see 5.1.2 Augmented Assurance Certificates), and what data elements are deemed assured by those certificates."
> - to change conformance claims II and III into the following:
> "To derive a human-readable subject name from an augmented assurance certificate, user agents SHOULD use the Subject field's Organization (O) and Country (CN) attributes. They MUST use information that is subject to the certificate authority's additional assurances, as documented in the user agent's conformance statement." (#II and #IIa in the latest editor's draft)

Note that the proposed change includes dropping the previous conformance claim III, "If the certificate's Subject field does not have an Organization attribute, then user agents MUST NOT consider the certificate as an augmented assurance certificate, even if it chains up to an augmented assurance qualified trust root (5.1.2 Augmented Assurance Certificates). User agents MAY consider such a certificate as an ordinary validated certificate."

Received on Monday, 22 February 2010 23:09:43 UTC