- From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Wed, 14 May 2008 11:30:04 +0000 (GMT)
- To: public-wsc-wg@w3.org
ISSUE-208 (human readable names): Add security consideration for "human readable" names - e.g. petnames [wsc-xit] http://www.w3.org/2006/WSC/track/issues/ Raised by: Johnathan Nightingale On product: wsc-xit 9.4 Binding "human readable" names to domains Several recommendations in this document concern themselves with the binding between domain names and certificates, but equally important for users is the binding between domain name/certificate and the actual real-world entity involved in the transaction. It is helpful, for example, to know not only that example.com presents a valid certificate, but also that it is the "Example Inc., Norway" with whom the user expects to be interacting. In the case of AA certificates, the identity information provided may be considered sufficient for this purpose, but non-AA validated certificates do not necessarily provide this real-world identity. User agents that wish to provide a mechanism for users to manually establish these linkages are advised to consider the Petnames [definition] approach described in [link to 5.1.6].
Received on Wednesday, 14 May 2008 11:30:34 UTC