- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Tue, 5 Jun 2007 05:36:09 -0700
- To: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>, "W3 Work Group" <public-wsc-wg@w3.org>
I agree, I think that we need to introduce a weasel phrase such as 'determined to be sufficiently trustworthy' to be used in the main body of the text. Then a section which sets out controls and criteria which MAY be applied to determine that a party is sufficiently trustworthy, accountability controls, velocity controls, revocation, &ct. > -----Original Message----- > From: public-wsc-wg-request@w3.org > [mailto:public-wsc-wg-request@w3.org] On Behalf Of Stephen Farrell > Sent: Tuesday, June 05, 2007 5:44 AM > To: W3 Work Group > Subject: ACTION-250: propose breaking out 2.4 into its own > proposal.recommendation > > > > Section 2.4 of the draft on recommendations [1], deals with a > number of PKI related things, that, I think, should be separated. > > I think removing the advice to CA operators from here to > elsewhere is the thing to do. Stuff like: > > "CAs who issue high grade SSL certificates (such as EV) ought to > remind requesters that logographic imagery is subject to trademark > laws and the requester is responsible to ensure the logo > they supply > to the RA is (a) legal for use in all countries and (b) visually > distinguishable from other logos." > > ...belongs in its own "Proposals for CA operators" part and > shouldn't be mixed with guidance for UA vendors on when to > display PKI stuff. > > Stephen. > > [1] http://www.w3.org/2006/WSC/drafts/rec/#favicon-certlogos-rec > >
Received on Tuesday, 5 June 2007 12:37:32 UTC