- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Wed, 7 Oct 2009 09:56:02 -0400
- To: ext Paddy Byers <paddy.byers@gmail.com>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, Device APIs and Policy Working Group WG <public-device-apis@w3.org>
We did not want to constrain the implementation given various possibilities, yet allow CRLs and OCSP where appropriate. We also did not want to bring in all the nuances of PKI into the spec. regards, Frederick Frederick Hirsch Nokia On Oct 7, 2009, at 9:28 AM, ext Paddy Byers wrote: > Hi, > > Is revocation in scope of the DAP policy v1, or should it be > deferred to v.next? > > Proposal: defer to v.next > > Rationale: More than one mechanism might be used to implement > revocation, so it can be deployment specific. > > In Widgets DigSig [0] we just have the (non-normative) note: > Note: A user agent's security policy can affect how signature > validation impacts operation, and may have additional constraints on > establishing trust, including additional requirements on certificate > chain validation and certificate revocation processing using CRLs > [RFC5280] or OCSP [RFC2560]. > > There are no explicit requirements, nor non-normative implementation > advice, as to whether a UA performs status/CRL processing for any/ > all of the certs in a chain at the time of installation, or at any > other time. Does anyone know the history of how WebApps arrived at > that position? Too hard to agree, not in scope, or not enough time? > > Paddy > > [0]: http://dev.w3.org/2006/waf/widgets-digsig/#use
Received on Wednesday, 7 October 2009 13:57:32 UTC