ISSUE-130 (Trust Anchors): Trust Anchor Consistency Across Devices? [Techniques]

ISSUE-130 (Trust Anchors): Trust Anchor Consistency Across Devices? [Techniques]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Luis Barriga
On product: Techniques

At the f2f meeting I mentioned one of the findings on smart-phones: the pre-provisioned trust anchors in smartphones are disjoint from the ones in desktop browsers. The opposite is valid too.

As a result, users visiting the one site on a smartphone and on a desktop browser will see TLS warnings that they has not seen previously when visiting the same site. (Trust is temporary unavailable)

Shall we add a Deployment Best Practice 8.x section on "Trust Anchor Consistency across devices" that basically recommends browser vendors, phone manufacturers etc to have a consistent set of pre-provisioned trust anchors?

Received on Monday, 15 October 2007 15:26:53 UTC