ISSUE-121

Safe Form Bar certificate matching issues

State: CLOSED
Product: wsc-xit-past-062008
Raised by: Thomas Roessler
Opened on: 2007-10-11
Description:
The safe form bar specification includes a specific matching algorithm for PKIX certificates. This algorithm should be reviewed in light of what the PKIX spec itself says.

Known issues:

- There is some material based on CN, but subjectAltName is ignored
- Two certificates are considered identical if the same key material is encapsulated
- The text uses the notion of "same certification authority", and defines that notion in terms of "both installed as trusted certificate chain roots identified by the same name in the user agent's presentation to the user", as opposed to using the certificate's issuer field. (Note contradiction to material elsewhere in the spec!)
- Certificates are considered to identify the same entity based on comparing specific attributes of the subject field.

Related Action Items:
Related emails:
  1. Draft Minutes for 2009-01-21 (from maritzaj@cs.columbia.edu on 2009-01-22)
  2. ACTION-317: Different notions of KCM in different parts of the document (from tlr@w3.org on 2008-01-17)
  3. Mez' review of wsc-xit (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-12-07)
  4. ACTION-348: cert related terminology (from stephen.farrell@cs.tcd.ie on 2007-12-05)
  5. Agenda: WSC WG distributed meeting, Wednesday, 2007-12-05 (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-12-04)
  6. ISSUE-121: Safe Form Bar certificate matching issues [Techniques] (from sysbot+tracker@w3.org on 2007-10-11)

Related notes:

http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#safebar-associating

Thomas Roessler, 11 Oct 2007, 10:35:23



Mary Ellen Zurko <mzurko@us.ibm.com>, Chair, Thomas Roessler <tlr@w3.org>, Staff Contact
Tracker (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 121.html,v 1.1 2010/10/11 09:35:04 dom Exp $