ISSUE-103
How should unknown CAs and self-signed certificates be treated?
- State: CLOSED
- Product: wsc-xit
- Raised by: Thomas Roessler
- Opened on: 2007-08-12
- Description: Self-signed certificates are mostly treated as pure containers. Certificates from unknown CAs can be treated as pure containers, or some of the information in such certificates can be used to cause distrust. E.g., one could:
- Perform path validation and cause errors as one would for a known and trusted CA, but don't display identity indicator? (This would effectively make the "weak" and "strong" TLS notions orthogonal to whether we trust a CA.)
- Ignore path validation and treat as pure containers for cryptographic material?
- Related Action Items:
- ACTION-317 on Thomas Roessler to Note the open discussion about how PII notions of cert-handling fold into the rest of the document, particularly around self-signed certs and KCM - due 2008-01-21, closed
- Related emails:
- ACTION-317: Different notions of KCM in different parts of the document (from tlr@w3.org on 2008-01-17)
- ACTION-348: cert related terminology (from stephen.farrell@cs.tcd.ie on 2007-12-05)
- Meeting record: WSC WG f2f 2007-11-06 (from tlr@w3.org on 2007-11-21)
- Draft minutes: WSC WG 2007-11-06 (from tlr@w3.org on 2007-11-17)
- Meeting record: WSC WG f2f 2007-10-03 (from tlr@w3.org on 2007-10-25)
- Draft Minutes: WSC WG face-to-face 2007-10-03 (from tlr@w3.org on 2007-10-10)
- Re: Draft Minutes: WSC WG face-to-face 2007-10-03 (from ifette@google.com on 2007-10-09)
- Re: ISSUE-103: Should unknown CAs and self-signed certificates be treated the same way? [Techniques] (from tlr@w3.org on 2007-08-29)
- Proposal: error handling / minimizing trust decisions (from tlr@w3.org on 2007-08-12)
- ISSUE-103: Should unknown CAs and self-signed certificates be treated the same way? [Techniques] (from sysbot+tracker@w3.org on 2007-08-12)
Related notes:
No additional notes.