- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 26 Mar 2008 14:42:25 +0100
- To: Johnathan Nightingale <johnath@mozilla.com>
- Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "Yngve N. Pettersen" <yngve@opera.com>, public-wsc-wg@w3.org
On 2008-03-26 09:32:28 -0400, Johnathan Nightingale wrote: > The current AA certs out there (EV certs) don't allow wildcard > matching, but in any case, EV certs also require, full stop, a > valid O field, so we don't walk the rest of the cert for that > value. If a CA is issuing EV certs without valid (and > validated!) O fields, they should fail their audits. :) That's what I wanted to have confirmed. In this case, the text in the augmented assurance section collapses further. | To derive a human-readable subject name from an AAC, user agents | MUST use the Subject field's Organization (O) attribute. | | If the certificate's Subject field does not have an Organization | attribute, then user agents MUST NOT consider the certificate as an | augmented assurance certificate, even if it chains up to an | AA-qualified trust root. User agents MAY consider such a certificate | as an ordinary validated certificate. Cheers, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 26 March 2008 13:43:02 UTC