- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 19 Dec 2007 15:45:36 +0100
- To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Cc: public-wsc-wg@w3.org

On 2007-12-18 09:21:31 -0500, Mary Ellen Zurko wrote:

> 8) ISSUE-122 - Safe Form Bar: CA Practice Assumptions
> http://www.w3.org/2006/WSC/track/issues/122
> This seems to have no next steps. And in my review, this issue didn't make
> sense to me. So let's clarify, and determine next steps.

The issue specifically refers to this paragraph:

  http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#safebar-comparecn

  Both the first check in the matching algorithm and the second to
  last, which compares the "CN" attributes of the certificates'
  subject fields, provide a means to transparently update an
  organization's name and address. To change this certificate
  information, an organization acquires a certificate chain that
  specifies the updated information, but matches against one of
  these earlier checks.

I don't know that any existing CAs would actually make use of that
mechanism, so a reality check here would seem to be warranted.

> 9) ISSUE-123 - Safe Form Bar: HTTP assumptions in "no TLS" section
> http://www.w3.org/2006/WSC/track/issues/123
> No obvious next steps. We'll figure out what they are.

Probably getting some appropriate review, like, from the TAG. It's
not at all clear that "simply" swapping URI schemes is a sound
practice to recommend.

--
Thomas Roessler, W3C <tlr@w3.org>

Received on Wednesday, 19 December 2007 14:45:46 UTC