- From: Thomas Roessler <tlr@w3.org>
- Date: Thu, 9 Aug 2007 14:37:45 +0200
- To: Johnathan Nightingale <johnath@mozilla.com>
- Cc: public-wsc-wg@w3.org
On 2007-08-08 15:02:51 -0400, Johnathan Nightingale wrote: > That clause was mostly intended as preventative medicine against > cynical implementors who declare conformance by surfacing > identity information, but who make no attempt to assess the > quality of that information even as far as "CAs we trust vs. CAs > we don't vs. Self-signed." Isn't that aspect covered by this language in the current editor's draft? @@Web Security Context@@ Editor's Draft $Date: 2007/08/08 18:21:55 $ 5.1.2 Identity Signal Content "Information displayed in the identity signal MUST be derived from attested certificates, from user agent state, or be otherwise authenticated. Web user agents MUST NOT use information as part of the [[ identity signal ]] that is taken from unauthenticated or untrusted sources." ... -- http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#signal-content Cheers, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Thursday, 9 August 2007 12:37:49 UTC