Re: Some major edits just checked in. - tls errors from Mary Ellen Zurko on 2008-04-24 (public-wsc-wg@w3.org from April 2008)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Thu, 24 Apr 2008 16:49:20 -0400
To: Thomas Roessler <tlr@w3.org>
Cc: public-wsc-wg@w3.org
Message-ID: <OFCBD82EF9.0B904AF9-ON85257435.007253CC-85257435.0072613A@LocalDomain>

> > http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#sec-tlserrors
> >
> > "When the URL corresponding to the transaction at hand does not match 
the
> > certificate presented, and a validated certificate is used, then error
> > signalling of level warning or above (6.4.3 Warning/Caution Messages ,
> > 6.4.4 Danger Messages) MUST be used."
> >
> > This one seems like a low ball to me. The whole point of the TLS 
server
> > authentication is to match the certificate to the URL. Why is the low 
bar
> > on this warning, instead of always danger?

> I think I took this from Serge's material; personally, I'd be as
> happy to use danger right away.

Only you and I seem to care. Willing to make the change? Or should I put 
it in as an issue?

Received on Thursday, 24 April 2008 20:49:59 UTC