ISSUE-102: What should be our notion of "EV" certificates? [Techniques] from Web Security Context Working Group Issue Tracker on 2007-08-12 (public-wsc-wg@w3.org from August 2007)

From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Sun, 12 Aug 2007 11:38:08 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20070812113808.C20A53320A@kearny.w3.org>

ISSUE-102: What should be our notion of "EV" certificates? [Techniques]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Thomas Roessler
On product: Techniques

This issue tries to capture the discussion at [1] and [2]; related to ISSUE-97.

The current state of affairs defines extended validation certificates by way of out-of-band qualification (essentially, a list of qualified trust anchors), coupled with a list of trust anchor specific extension OIDs, per [1], and adherence to the CAB forum guidelines. In [2], we see a demand to abstract away from the specific EV guidelines, and trigger EV like behavior through just qualification -- and maybe a public OID.

The questions for the group that will need to be resolved include:

- Should we endorse the CAB forum notion of EV certificates, or rather define
  a certain "enhanced behavior" that is triggered under certain conditions?

- Should we demand a standardized OID to trigger such EV-like behavior?

This relates to ISSUE-97, which asks the more specific question under what conditions display of logotypes should be triggered.

1. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Aug/0085.html
2. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jul/0301.html

Received on Sunday, 12 August 2007 11:40:37 UTC