- From: =JeffH <Jeff.Hodges@KingsMountain.com>
- Date: Fri, 24 Sep 2010 16:39:27 -0700
- To: public-usable-authentication@w3.org
- CC: Thomas Roessler <tlr@w3.org>
AFAICT, <http://www.w3.org/TR/wsc-ui/> [WSC-UI] discusses cert "pinning" only in the case of self-signed certs, or certs whose cert chain that leads to an untrusted root certificate. We're curious as to whether cert pinning in the face of subject name mismatch was considered as a use case, as well as in the face of other TLS/SSL cert errors, as apparently done by present browsers (for better or worse). In other words, is it your conscious intention in WSC-UI to limit employment of cert pinning to only the discussed use cases, or were the other use cases overlooked? I'm asking in the context of editing <http://tools.ietf.org/html/draft-saintandre-tls-server-id-check>, which is expressly about verification of cert-based server identity in TLS/SSL. In general. Our latest provisional language wrt this is.. > Security Note: Some existing interactive user agents give advanced > users the option of proceeding despite an identity mismatch. > Although this behavior can be appropriate in certain specialized > circumstances, in general it needs to be exposed only to advanced > users and even then needs to be handled with extreme caution, for > example by first encouraging even an advanced user to terminate > the connection and, if the advanced user chooses to proceed > anyway, by forcing the user to view the entire certification path > and only then allowing the user to choose whether to accept the > certificate on a temporary or permanent basis. We're considering how to reference WSC-UI here, but since this use-case apparently discussed in WSC-UI it's awkward. thanks, =JeffH
Received on Friday, 24 September 2010 23:46:32 UTC