ISSUE-135
SSC assertions
Not trusting any SSC assertion seems overbroad
- State:
- CLOSED
- Product:
- wsc-xit
- Raised by:
- Mary Ellen Zurko
- Opened on:
- 2007-12-14
- Description:
- 5.3.7
"However, Web user agents MUST NOT conclude that any assertions that may be included with the certificate are valid."
Why not, and how does that apply to usefully trusting self signed certs? I imagine there are some assertions that would be obviously a bad idea to trust in an self signed cert, but all assertions, past, present and future? How do we know that's a good idea?
- Related Actions Items:
- No related actions
- Related emails:
- ISSUE-135 (SSC assertions): Not trusting any SSC assertion seems overbroad [wsc-xit] (from sysbot+tracker@w3.org on 2007-12-14)
Related notes:
Open issue into xit under Section 5.3.7 Trusted Certificates
Anil Saldhana, 21 Jan 2008, 21:45:40Display change log