- From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Wed, 2 Jan 2008 18:57:39 +0000 (GMT)
- To: public-wsc-wg@w3.org
ISSUE-147: Descriptions of certificate matching rules in SWFE need explanations somewhere [wsc-xit]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Mary Ellen Zurko

On product: wsc-xit

7.1 "If both SiteA's and SiteB's certificates have the same value for the Subject field's Common Name (CN) attribute, there is a match; otherwise, continue with the matching algorithm."

I'm struggling to understand why this makes sense. I don't remember web user agents (wua's) displaying CN to me in normal or error conditions. So I don't see why this makes sense as matching wua displays (examples would disprove my memory). And I don't remember CAs promising not to "reuse" CNs (but maybe they do?). So it doesn't make sense from that perspective either. And I think I read several versions in the wiki, but don't remember an explanation of this there. Please explain.

"If both SiteA's and SiteB's certificates have the same values for all of the "O", "L", "ST" and "C" attributes of the Subject field, there is a match; otherwise, continue with the matching algorithm."

OK, the conversation the other day was good, and the explanation later in the section is helpful. But I don't remember what these all are. Can you provide an easy to follow reference to decrypt them? O is organization. Drawing a blank on the other 3.
Received on Wednesday, 2 January 2008 18:57:42 UTC
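
The two matching steps quoted in the issue, written out as an added example (not code from the SWFE draft or the tracker). The function name, the dict representation of a Subject, exact string comparison, the treatment of missing attributes, and all sample subjects are assumptions made for illustration.

```python
# Added illustration of the two matching steps quoted from section 7.1.
# Standard X.520 short names used in a certificate Subject:
#   CN = commonName, O = organizationName, L = localityName,
#   ST = stateOrProvinceName, C = countryName.

ORG_ATTRS = ("O", "L", "ST", "C")


def match_step(subject_a, subject_b):
    """Return the rule that matched, or None for "continue with the algorithm".

    Subjects are dicts mapping attribute short name -> value.
    Assumptions: values are compared as exact strings, and an attribute
    missing from either certificate cannot satisfy a rule.
    """
    cn_a = subject_a.get("CN")
    if cn_a is not None and cn_a == subject_b.get("CN"):
        return "CN"
    if all(a in subject_a and subject_a[a] == subject_b.get(a) for a in ORG_ATTRS):
        return "O/L/ST/C"
    return None


# Constructed sample subjects (not taken from real certificates).
SITE_A = {"CN": "www.example.com", "O": "Example Corp",
          "L": "Boston", "ST": "Massachusetts", "C": "US"}
# Same organisation attributes, different host name.
SITE_B = {"CN": "login.example.com", "O": "Example Corp",
          "L": "Boston", "ST": "Massachusetts", "C": "US"}
# Same CN as SITE_A but entirely different organisation attributes:
# the first rule still reports a match, which is the case the issue asks about.
SITE_C = {"CN": "www.example.com", "O": "Unrelated Ltd",
          "L": "Leeds", "ST": "West Yorkshire", "C": "GB"}
# Same O and C as SITE_A, but L and ST differ, so neither rule applies.
SITE_D = {"CN": "shop.example.net", "O": "Example Corp",
          "L": "Austin", "ST": "Texas", "C": "US"}

if __name__ == "__main__":
    for name, other in (("B", SITE_B), ("C", SITE_C), ("D", SITE_D)):
        print("A vs", name, "->", match_step(SITE_A, other))
```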