- From: Thomas Roessler <tlr@w3.org>
- Date: Sat, 8 Mar 2008 14:37:08 +0100
- To: mzurko@us.ibm.com, tyler.close@hp.com
- Cc: public-wsc-wg@w3.org
On 2008-03-07 16:12:57 +0000, Web Security Context Working Group Issue Tracker wrote:

> I propose adding petname to the recommendations in 6.1.
> Specifically, the petname definition from the following email:
> http://lists.w3.org/Archives/Public/public-wsc-wg/2008Mar/0025.html
> with this normative text added to 6.1.2:
> Information displayed in the identity signal MAY include a petname.

Reviewing Tyler's message, I notice that this petname definition is (unlike what we have in the safe form bar) not currently tied to any certificates.

So, for inclusion with 6.1.2:

- Under what conditions should petnames, if present, be displayed?
- Do we want to say anything about what the presence of petnames should be keyed on?

One direction could be the following:

- Display when strong TLS (including "pinned" SSCs), don't display when weak TLS (including unpinned SSCs)?
- Key off domain name and/or certificate that's used.

Note, incidentally, that this would help us fill another gap in 6.1.2 (that I'm realizing got introduced -- but rightly so -- when I cleaned up the relationship between validated and self-signed certificates): What do we do if there is strong TLS protection, but it doesn't involve a validated certificate?

Regards,
--
Thomas Roessler, W3C <tlr@w3.org>

Received on Saturday, 8 March 2008 13:37:17 UTC