- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Wed, 26 Mar 2008 09:52:59 -0400
- To: Thomas Roessler <tlr@w3.org>
- Cc: W3C WSC Public <public-wsc-wg@w3.org>
Suits me! On 26-Mar-08, at 9:42 AM, Thomas Roessler wrote: > On 2008-03-26 09:32:28 -0400, Johnathan Nightingale wrote: > >> The current AA certs out there (EV certs) don't allow wildcard >> matching, but in any case, EV certs also require, full stop, a >> valid O field, so we don't walk the rest of the cert for that >> value. If a CA is issuing EV certs without valid (and >> validated!) O fields, they should fail their audits. :) > > That's what I wanted to have confirmed. In this case, the text in > the augmented assurance section collapses further. > > | To derive a human-readable subject name from an AAC, user agents > | MUST use the Subject field's Organization (O) attribute. > | > | If the certificate's Subject field does not have an Organization > | attribute, then user agents MUST NOT consider the certificate as an > | augmented assurance certificate, even if it chains up to an > | AA-qualified trust root. User agents MAY consider such a certificate > | as an ordinary validated certificate. > > Cheers, > -- > Thomas Roessler, W3C <tlr@w3.org> --- Johnathan Nightingale Human Shield johnath@mozilla.com
Received on Wednesday, 26 March 2008 13:53:40 UTC