- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 6 Jun 2007 15:40:06 +0100
- To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
- Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, W3 Work Group <public-wsc-wg@w3.org>
In rewriting 2, I'll probably add a note that says that conformance claims for products need to elaborate on what "sufficiently trustworthy" is, and encourages referring to relevant specifications. That should certainly do for the first public working draft. (However, we might wish to revisit that later. It's basically the same as saying that anybody who gives a CPS and conforms with it is good as a CA, and we've seen where that leads.) Cheers, -- Thomas Roessler, W3C <tlr@w3.org> On 2007-06-05 05:36:09 -0700, Phillip Hallam-Baker wrote: > From: "Hallam-Baker, Phillip" <pbaker@verisign.com> > To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, > W3 Work Group <public-wsc-wg@w3.org> > Date: Tue, 5 Jun 2007 05:36:09 -0700 > Subject: RE: ACTION-250: propose breaking out 2.4 into its own > proposal.recommendation > List-Id: <public-wsc-wg.w3.org> > X-Spam-Level: > X-Archived-At: > http://www.w3.org/mid/198A730C2044DE4A96749D13E167AD37012A5E9E@MOU1WNEXMB04.vc > orp.ad.vrsn.com > X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.5 > > > I agree, I think that we need to introduce a weasel phrase such > as 'determined to be sufficiently trustworthy' to be used in the > main body of the text. > > Then a section which sets out controls and criteria which MAY be > applied to determine that a party is sufficiently trustworthy, > accountability controls, velocity controls, revocation, &ct. > > > -----Original Message----- > > From: public-wsc-wg-request@w3.org > > [mailto:public-wsc-wg-request@w3.org] On Behalf Of Stephen Farrell > > Sent: Tuesday, June 05, 2007 5:44 AM > > To: W3 Work Group > > Subject: ACTION-250: propose breaking out 2.4 into its own > > proposal.recommendation > > > > > > > > Section 2.4 of the draft on recommendations [1], deals with a > > number of PKI related things, that, I think, should be separated. > > > > I think removing the advice to CA operators from here to > > elsewhere is the thing to do. Stuff like: > > > > "CAs who issue high grade SSL certificates (such as EV) ought to > > remind requesters that logographic imagery is subject to trademark > > laws and the requester is responsible to ensure the logo > > they supply > > to the RA is (a) legal for use in all countries and (b) visually > > distinguishable from other logos." > > > > ...belongs in its own "Proposals for CA operators" part and > > shouldn't be mixed with guidance for UA vendors on when to > > display PKI stuff. > > > > Stephen. > > > > [1] http://www.w3.org/2006/WSC/drafts/rec/#favicon-certlogos-rec > > > > > >
Received on Wednesday, 6 June 2007 15:05:21 UTC