ISSUE-104: Some information in certificates is not trustworthy [Techniques] from Web Security Context Working Group Issue Tracker on 2007-08-19 (public-wsc-wg@w3.org from August 2007)

From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Sun, 19 Aug 2007 16:28:17 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20070819162817.979F947BA3@mojo.w3.org>

ISSUE-104: Some information in certificates is not trustworthy [Techniques]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Thomas Roessler
On product: Techniques

It feels like we need a sentence or two somewhere that says
that the content of certificates may not be trusted, and that
untrusted and trusted certificate content MUST NOT be mixed when
displayed to users.  Some of that is in the last sentence of 4.3.7
[1], but I don't think it's even near enough.

However, I'm unsure where that should go -- it fits the "don't
conflate content and security context" theme in 7.1 [2], and could
live in a section 7.2, it could go into the TLS related section, or
it could go into chapter 4.  Opinions welcome.

1. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#sec-trusted-certificates
2. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#site-identifying

Received on Sunday, 19 August 2007 16:28:29 UTC