Re: Agenda: WSC WG distributed meeting, Wednesday, 2007-12-19

On 2007-12-18 09:21:31 -0500, Mary Ellen Zurko wrote:

> 8) ISSUE-122 - Safe Form Bar: CA Practice Assumptions
> This seems to have no next steps. And in my review, this issue didn't make 
> sense to me. So let's clarify, and determine next steps. 

The issue specifically refers to this paragraph:

  Both the first check in the matching algorithm and the second to
  last, which compares the "CN" attributes of the certificates'
  subject fields, provide a means to transparently update an
  organization's name and address. To change this certificate
  information, an organization acquires a certificate chain that
  specifies the updated information, but matches against one of
  these earlier checks.

I don't know that any existing CAs would actually make use of that
mechanism, so a reality check here would seem to be warranted.

> 9) ISSUE-123 - Safe Form Bar: HTTP assumptions in "no TLS" section
> No obvious next steps. We'll figure out what they are. 

Probably getting some appropriate review, like, from the TAG.  It's
not at all clear that "simply" swapping URI schemes is a sound
practice to recommend.

Thomas Roessler, W3C  <>

Received on Wednesday, 19 December 2007 14:45:46 UTC