- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Wed, 26 Mar 2008 14:58:13 +0000
- To: Johnathan Nightingale <johnath@mozilla.com>
- CC: Thomas Roessler <tlr@w3.org>, W3C WSC Public <public-wsc-wg@w3.org>
Johnathan Nightingale wrote:
>
> Suits me!
>
> On 26-Mar-08, at 9:42 AM, Thomas Roessler wrote:
>> On 2008-03-26 09:32:28 -0400, Johnathan Nightingale wrote:
>>
>>> The current AA certs out there (EV certs) don't allow wildcard
>>> matching, but in any case, EV certs also require, full stop, a
>>> valid O field, so we don't walk the rest of the cert for that
>>> value. If a CA is issuing EV certs without valid (and
>>> validated!) O fields, they should fail their audits. :)
>>
>> That's what I wanted to have confirmed. In this case, the text in
>> the augmented assurance section collapses further.
>>
>> | To derive a human-readable subject name from an AAC, user agents
>> | MUST use the Subject field's Organization (O) attribute.
>> |
>> | If the certificate's Subject field does not have an Organization
>> | attribute, then user agents MUST NOT consider the certificate as an
>> | augmented assurance certificate, even if it chains up to an
>> | AA-qualified trust root. User agents MAY consider such a certificate
>> | as an ordinary validated certificate.

Looks good. (So long as the UA doesn't do any other cert
matching.)

Stephen.

Received on Wednesday, 26 March 2008 14:59:04 UTC
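
The rule in the quoted draft text, as an added sketch that is not part of the thread or of any user agent's code. It assumes the subject is in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, that `chains_to_aa_root` has already been decided by path validation, and that a blank O value counts as absent; the function names and sample subjects are constructed for illustration.

```python
from typing import Optional, Tuple

# Subject as a tuple of RDNs, each a tuple of (attribute name, value) pairs,
# which is the shape ssl.SSLSocket.getpeercert() uses for "subject".
Subject = Tuple[Tuple[Tuple[str, str], ...], ...]


def organization(subject: Subject) -> Optional[str]:
    """Return the Subject's O attribute, or None if it is absent or blank.

    Only organizationName is read. There is deliberately no fallback to
    CN, OU or any other field of the certificate.
    """
    for rdn in subject:
        for name, value in rdn:  # an RDN may carry more than one attribute
            if name == "organizationName" and value.strip():
                return value.strip()  # assumption: first non-blank O is used
    return None


def classify(subject: Subject, chains_to_aa_root: bool) -> Tuple[str, Optional[str]]:
    """Return (assurance level, organization name to display or None)."""
    org = organization(subject)
    if chains_to_aa_root and org is not None:
        return ("augmented", org)
    # Without an O attribute the certificate must not be treated as AA,
    # even under an AA-qualified root; it may still be shown as ordinary.
    # This sketch derives no display name for the ordinary case.
    return ("validated", None)


# Constructed sample subjects (not taken from real certificates).
EV_LIKE = (
    (("countryName", "US"),),
    (("organizationName", "Example Corp"),),
    (("commonName", "www.example.com"),),
)
NO_ORG = ((("countryName", "US"),), (("commonName", "www.example.com"),))
BLANK_ORG = ((("organizationName", "  "),), (("commonName", "www.example.com"),))
```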