RE: ACTION-250: propose breaking out 2.4 into its own proposal.recommendation

I agree, I think that we need to introduce a weasel phrase such as 'determined to be sufficiently trustworthy' to be used in the main body of the text.

Then a section which sets out controls and criteria which MAY be applied to determine that a party is sufficiently trustworthy, accountability controls, velocity controls, revocation, &ct.

> -----Original Message-----
> From: public-wsc-wg-request@w3.org 
> [mailto:public-wsc-wg-request@w3.org] On Behalf Of Stephen Farrell
> Sent: Tuesday, June 05, 2007 5:44 AM
> To: W3 Work Group
> Subject: ACTION-250: propose breaking out 2.4 into its own 
> proposal.recommendation
> 
> 
> 
> Section 2.4 of the draft on recommendations [1], deals with a 
> number of PKI related things, that, I think, should be separated.
> 
> I think removing the advice to CA operators from here to 
> elsewhere is the thing to do. Stuff like:
> 
>     "CAs who issue high grade SSL certificates (such as EV) ought to
>     remind requesters that logographic imagery is subject to trademark
>     laws and the requester is responsible to ensure the logo 
> they supply
>     to the RA is (a) legal for use in all countries and (b) visually
>     distinguishable from other logos."
> 
> ...belongs in its own "Proposals for CA operators" part and 
> shouldn't be mixed with guidance for UA vendors on when to 
> display PKI stuff.
> 
> Stephen.
> 
> [1] http://www.w3.org/2006/WSC/drafts/rec/#favicon-certlogos-rec
> 
> 

Received on Tuesday, 5 June 2007 12:37:32 UTC