W3C home > Mailing lists > Public > public-xg-webid@w3.org > January 2012

RE: Thankyou for saving my sanity...

From: Peter Williams <home_pw@msn.com>
Date: Sat, 7 Jan 2012 06:46:59 -0800
Message-ID: <SNT143-W3961287131D2A909F881E6929A0@phx.gbl>
To: <j.jakobitsch@semantic-web.at>
CC: "public-xg-webid@w3.org" <public-xg-webid@w3.org>


 The site presents its home page, with menu. Clicking the WithCertOnly option, it induces an SSL handshake challenge. IE responds with a client cert picker, given the way the SSL sessions have been signalled or cached in this run. The site/browser then show IE-produced javascript, which is a variant of that typically shown when first encountering an unknown server cert. Typically, such a screen is show before a cert picker for clients is ever displayed. This screen gives less options that that normal case (presented for any site offering non-locally-rooted server certs), not allowing one to proceed at all. The address bar show an http URI, while the javascript is executing. Such javascript is typically induced by the windows OS core SSL transport layer, client side. It is IE (or more likely plumbing apparatus in the library part of the OS) that generates such javascript, having registered handlers to deal with the events. This is the webby way of dealing with the issues found at the transport layer (courtesy of IETF, and its barmy ideas about https and its relationship to layer 4 signalling). _ There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority. The security certificate presented by this website was issued for a different website's address. 

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. 
We recommend that you close this webpage and do not continue to this website. 
Click here to close this webpage. 
Continue to this website (not recommended). 






More information



If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting. When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com. 
For more information, see "Certificate Errors" in Internet Explorer Help.  > Date: Sat, 7 Jan 2012 14:11:29 +0100
> From: j.jakobitsch@semantic-web.at
> To: home_pw@msn.com
> CC: public-xg-webid@w3.org
> Subject: Re: Thankyou for saving my sanity...
> 
> peter, 
> 
> could you please tell me, what exactly makes the site "totally dead"?
> 
> the only javascript on the page is the logout script (see source).
> first, it is more or less the same as on henry's site (it doesn't return true or false, but that's all) 
> and second, the script has been there from the very beginning.
> between your first test on ie (see screeny [1] ) and the last one there was no change javascript-wise.
> 
> wkr j
> 
> [1] https://yorkporc.wordpress.com/2012/01/02/lets-test-webid-realm-with-webid/
> 
> ----- Original Message -----
> From: "Peter Williams" <home_pw@msn.com>
> To: "Jürgen Jakobitsch" <j.jakobitsch@semantic-web.at>
> Cc: public-xg-webid@w3.org
> Sent: Saturday, January 7, 2012 1:38:13 AM
> Subject: Re: Thankyou for saving my sanity...
> 
> Since you followed folks advice on Ajax and https, the site is totally dead to ie (9). I had to use opera... Instead. Ie used to work...
> 
> Ie allows me to test trust path discovery. When I have a root and a server cert (but a missing intermediary very or an intermediate that is invalid) windows goes looking at the end Certs URL to rebuild the local chain (following the back pointers, and observing constraints in the Certs policy statements) eg only chain through those anchors offering the eu qualified very assurance (as well as server key usage bit).. 
> 
> Sent from my iPhone
> 
> On Jan 6, 2012, at 3:53 PM, "Jürgen Jakobitsch" <j.jakobitsch@semantic-web.at> wrote:
> 
> > :) welcome! 
> > 
> > and if you care about your depiction simply add one to your profile or
> > add foaf:gender = male to display the even more beautiful male dummy image.
> > 
> > wkr j
> > 
> > ----- Original Message -----
> > From: "Peter Williams" <home_pw@msn.com>
> > To: "j jakobitsch" <j.jakobitsch@semantic-web.at>, public-xg-webid@w3.org
> > Sent: Saturday, January 7, 2012 12:48:31 AM
> > Subject: Thankyou for saving my sanity...
> > 
> > 
> > http://tinyurl.com/7luhnnv 
> > 
> > Your debug output gave the clue, and W3C validator did the rest. 
> > 
> > All along it was a &, vs an "&amp;" 
> > 
> > not only is there name/address duality, there is duality of encodings of meta-characters in the meta documents descirbing resources, bearing addresses that may be names (or not). 
> > 
> > -- 
> > | Jürgen Jakobitsch, 
> > | Software Developer
> > | Semantic Web Company GmbH
> > | Mariahilfer Straße 70 / Neubaugasse 1, Top 8
> > | A - 1070 Wien, Austria
> > | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22
> > 
> > COMPANY INFORMATION
> > | http://www.semantic-web.at/
> > 
> > PERSONAL INFORMATION
> > | web   : http://www.turnguard.com
> > | foaf  : http://www.turnguard.com/turnguard
> > | skype : jakobitsch-punkt
> > 
> 
> -- 
> | Jürgen Jakobitsch, 
> | Software Developer
> | Semantic Web Company GmbH
> | Mariahilfer Straße 70 / Neubaugasse 1, Top 8
> | A - 1070 Wien, Austria
> | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22
> 
> COMPANY INFORMATION
> | http://www.semantic-web.at/
> 
> PERSONAL INFORMATION
> | web   : http://www.turnguard.com
> | foaf  : http://www.turnguard.com/turnguard
> | skype : jakobitsch-punkt
> 
 		 	   		  
Received on Saturday, 7 January 2012 14:50:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 7 January 2012 14:50:03 GMT