ACTION-517: Check EV expectations for subjectAltName from Mary Ellen Zurko on 2009-01-02 (public-wsc-wg@w3.org from January 2009)

From: Mary Ellen Zurko <mzurko@us.ibm.com>
Date: Fri, 2 Jan 2009 14:21:54 -0500
To: yngve@opera.com
Cc: public-wsc-wg@w3.org
Message-ID: <OF09380F04.DF884D13-ON85257532.006A26E7-85257532.006A66B9@LocalDomain>

Can someone connect the dots for me on this? We have this comment in a LC 
response:

Section 5.1.2:

    If the certificate's Subject field does not have an
    Organization attribute, then user agents MUST NOT consider the
    certificate as an augmented assurance certificate, even if it
    chains up to an AA-qualified trust root. User agents MAY
    consider such a certificate as an ordinary validated certificate.

What happens if a certificate's Subject field is empty, but the
SubjectAltName extension is marked critical and the subject's
identity is specified in the SAN field?  All things being equal
(i.e., an OID marks the certificate), would such a certificate be
considered trusted?

Which generated this action and response from Yngve: 
http://lists.w3.org/Archives/Public/public-wsc-wg/2008Oct/0019.html

So, what is the answer to the (second) question? Is it "yes"?

Received on Friday, 2 January 2009 19:22:50 UTC