- From: Thomas Roessler <tlr@w3.org>
- Date: Sun, 12 Aug 2007 13:40:32 +0200
- To: michael.mccormick@wellsfargo.com
- Cc: public-wsc-wg@w3.org
On 2007-08-10 15:02:06 -0500, michael.mccormick@wellsfargo.com wrote: > Logotypes should be tied to X.509 certificates that have been > strongly vetted per EV rules or similar. WSC cannot mandate EV > specifically since it's not a standard. That's actually not entirely obvious; however, I think the question what our notion of "EV-like" (or "EV") should be needs to be discussed based on its merits. > Plus we should leave the door open to other communities to create > "EV-like" X.509 schemes. My industry is currently considering > just that. This ties in an interesting way with the "no public OID for EV behavior" decision that CAB forum seems to have made, see [1] and follow-ups. I suppose a cleaner approach would be to have (a) a publicly defined OID that indicates "EV-like behavior" (logotypes etc); (b) refer to an out-of-band "qualification" decision taken as a matter of browser customization. I also think coming up with such an approach would be within our scope. ISSUE-102 [2] tries to capture the two essential questions around this discussion, for later resolution. 1. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jul/0301.html 2. http://www.w3.org/2006/WSC/track/issues/102 Regards, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Sunday, 12 August 2007 12:22:13 UTC