Re: wsc-xit review

Mary Ellen Zurko wrote:
> 
>> 7. The first MUST at the start of 6.1.2 is entirely wrong. Delete
>> the sentence.
> 
> I'm not following you on this. I'm reading it to allow for user driven
> identity information as well as PKI driven identity information. For
> example, things like petnames.
> 

The sentence says: "Information displayed in the identity signal MUST be
derived from attested certificates, from user agent state, or be
otherwise authenticated."

Unless "otherwise authenticated" allows for absolutely anything (incl.
e.g. SSCs, totally non-crypto sessions that are the same as before),
then this seems way over the top. If "otherwise authenticated" does
allow for such cases, then the "MUST" is totally misleading.

Stephen.

Received on Wednesday, 2 January 2008 17:35:28 UTC