ISSUE-169: Section 5.5.3 creates a burden on browsers to remember past certificates from Web Security Context Working Group Issue Tracker on 2008-01-07 (public-wsc-wg@w3.org from January 2008)

From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Mon, 7 Jan 2008 14:53:27 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20080107145327.6E1F1C6DB0@barney.w3.org>

ISSUE-169: Section 5.5.3 creates a burden on browsers to remember past certificates

http://www.w3.org/2006/WSC/track/issues/

Raised by: Sunil Agrawal
On product: 

As I understand it, this section creates an inescapable obligation on user agents to store certificate history.  Aside from the challenge that no major browser currently does this (as far as I know), this creates privacy and implementation concerns around data retention.  We don't say how long this information must be kept, but we say the browser MUST treat it as a change of security level, which does not seem to leave open the possibility of not storing it.

Received on Monday, 7 January 2008 14:53:31 UTC