
ACTION-841 Rework text referring to invalid certificate in mobileOK Basic Tests

From: Jo Rabin <jrabin@mtld.mobi>
Date: Mon, 08 Sep 2008 19:40:43 +0100
Message-ID: <48C571AB.9000704@mtld.mobi>
To: public-bpwg <public-bpwg@w3.org>

WSC Proposal:

We propose that you update this criterion, at a minimum, as follows:

If the resource is accessed through HTTPS:

	If the certificate presented does not match the
	resource's URI, FAIL.

	If the certificate has expired or is not yet valid, warn.

	If certificate validation otherwise fails, FAIL.
	
	Checker SHOULD consider arbitrary root certificates (including
	self-signed certificates) as trusted for the purposes of
	mobileOK testing.

=====

Current Text:

Note:

To allow for self-signature of certificates during testing the signatory
of a certificate should not be checked.


...


If the response is an HTTPS response:

	If the certificate is invalid, FAIL

	If the certificate has expired, warn



=====

Proposed replacement text:

Note:

Arbitrary root certificates (including self-signed certificates) should
be regarded as trusted.


...

If the response is the result of a request for a URI which has the
scheme https:

	If the certificate presented does not match the
	requested URI, FAIL.

	If the certificate has expired or is not yet valid, warn.

	If certificate validation otherwise fails, FAIL.
	
Received on Monday, 8 September 2008 18:41:34 UTC
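
Added example, not part of the original message or of any mobileOK checker: one way to apply the proposed replacement text to a certificate shaped like the dict returned by Python's ssl.SSLSocket.getpeercert(). Assumptions: names are matched against DNS subjectAltName entries only, a FAIL outranks a warn when both apply, and `other_errors` is a hypothetical input carrying validation failures found elsewhere. The issuer is never evaluated, so self-signed certificates are treated as trusted, as the note proposes for testing.

```python
import ssl
from urllib.parse import urlsplit

def _host_matches(pattern, host):
    """Exact match, or a single left-most '*' label (e.g. *.example.org)."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:] and p.count("*") == 1
    return p == h

def check_https_cert(uri, cert, now, other_errors=()):
    """Return (outcome, reasons); outcome is 'PASS', 'warn' or 'FAIL'.

    cert: dict shaped like ssl.SSLSocket.getpeercert() output.
    other_errors: assumed input, e.g. ["bad signature"].
    Issuer trust is deliberately not evaluated (arbitrary roots trusted).
    """
    parts = urlsplit(uri)
    if parts.scheme.lower() != "https":
        return "PASS", []  # the rule applies to https URIs only
    host = parts.hostname or ""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    fails, warns = [], []
    if not any(_host_matches(n, host) for n in names):
        fails.append("certificate does not match requested URI")
    fails.extend(other_errors)
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        warns.append("certificate not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        warns.append("certificate expired")
    if fails:  # assumption: FAIL outranks warn
        return "FAIL", fails + warns
    return ("warn", warns) if warns else ("PASS", [])

# Constructed sample certificate (self-signed: issuer equals subject).
SAMPLE = {
    "subject": ((("commonName", "m.example.org"),),),
    "issuer": ((("commonName", "m.example.org"),),),
    "subjectAltName": (("DNS", "m.example.org"), ("DNS", "*.img.example.org")),
    "notBefore": "Jan  1 00:00:00 2008 GMT",
    "notAfter": "Jan  1 00:00:00 2009 GMT",
}
NOW_VALID = ssl.cert_time_to_seconds("Sep  8 18:40:43 2008 GMT")
NOW_LATE = ssl.cert_time_to_seconds("Mar  1 00:00:00 2009 GMT")
```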
