ISSUE-135

SSC assertions

Not trusting any SSC assertion seems overbroad

State:
CLOSED
Product:
wsc-xit
Raised by:
Mary Ellen Zurko
Opened on:
2007-12-14
Description:
5.3.7

"However, Web user agents MUST NOT conclude that any assertions that may be included with the certificate are valid."

Why not, and how does that apply to usefully trusting self signed certs? I imagine there are some assertions that would be obviously a bad idea to trust in an self signed cert, but all assertions, past, present and future? How do we know that's a good idea?
Related Actions Items:
No related actions
Related emails:
  1. ISSUE-135 (SSC assertions): Not trusting any SSC assertion seems overbroad [wsc-xit] (from sysbot+tracker@w3.org on 2007-12-14)

Related notes:

Open issue into xit under Section 5.3.7 Trusted Certificates

Anil Saldhana, 21 Jan 2008, 21:45:40

Display change log ATOM feed


Mary Ellen Zurko <mzurko@us.ibm.com>, Chair, Thomas Roessler <tlr@w3.org>, Staff Contact
Tracker (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 135.html,v 1.1 2010/10/11 09:35:06 dom Exp $