ISSUE-121

Safe Form Bar certificate matching issues

State: OPEN
Product: wsc-xit-past-062008
Raised by: Thomas Roessler
Opened on: 2007-10-11

Description:
The safe form bar specification includes a specific matching algorithm for PKIX certificates. This algorithm should be reviewed in light of what the PKIX spec itself says.

Known issues:

- There is some material based on CN, but subjectAltName is ignored
- Two certificates are considered identical if the same key material is encapsulated
- The text uses the notion of "same certification authority", and defines that notion in terms of "both installed as trusted certificate chain roots identified by the same name in the user agent's presentation to the user", as opposed to using the certificate's issuer field. (Note contradiction to material elsewhere in the spec!)
- Certificates are considered to identify the same entity based on comparing specific attributes of the subject field.

Related Action Items:
Related emails:
  1. ACTION-317: Different notions of KCM in different parts of the document (from tlr@w3.org on 2008-01-17)
  2. Mez' review of wsc-xit (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-12-07)
  3. ACTION-348: cert related terminology (from stephen.farrell@cs.tcd.ie on 2007-12-05)
  4. Agenda: WSC WG distributed meeting, Wednesday, 2007-12-05 (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-12-04)
  5. ISSUE-121: Safe Form Bar certificate matching issues [Techniques] (from sysbot+tracker@w3.org on 2007-10-11)

Related notes:

2007-10-11 10:35:23: http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#safebar-associating [Thomas Roessler]



Mary Ellen Zurko <mzurko@us.ibm.com>, Chair, Thomas Roessler <tlr@w3.org>, Staff Contact