- From: Yngve N. Pettersen (Developer Opera Software ASA) <yngve@opera.com>
- Date: Sun, 07 Sep 2008 16:51:04 +0200
- To: "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
Hi, Sec. 6.1.2 currently says "The identity signal MUST include the Issuer field's Organization attribute to inform the user about the party responsible for that information." A problem here may be: Which issuer? Many certificate chains include one or more intermediates, and the intermediates may not use the same organization name as the Root. This will not just be the case in connection with some Cross-signed certificates (which a number of newer CAs are using, while waiting for their root to be distributed), but also for some CAs that are issuing intermediates to larger organizations that want to issue their own certificates. An example of the latter is https://www.mastercard.com/us/gateway.html , which is using a certificate issued by Mastercard's own CA, which was issued by RSA Security, off a Valicert Root (AFAIK, Valicert is a now-defunct Root CA, whose certificates have been sold to other companies because of their value as being embedding in major Rootstores) The correct name may change from case to case, so there may not be a "right" answer that apply to all cases. Having all names might be "correct", but may be problematic due to space constraints in the chrome. I would suggest that this point is clarified to state if the name to be used is the direct issuer's name, or the Root Issuer's name, at least as a minimum requirement. -- Sincerely, Yngve N. Pettersen ******************************************************************** Senior Developer Email: yngve@opera.com Opera Software ASA http://www.opera.com/ Phone: +47 24 16 42 60 Fax: +47 24 16 40 01 ********************************************************************
Received on Sunday, 7 September 2008 14:51:50 UTC