ISSUE-208

human readable names

Add security consideration for "human readable" names - e.g. petnames

State: CLOSED
Product: wsc-xit
Raised by: Johnathan Nightingale
Opened on: 2008-05-14
Description:
9.4 Binding "human readable" names to domains

Several recommendations in this document concern themselves with the binding between domain names and certificates, but equally important for users is the binding between domain name/certificate and the actual real-world entity involved in the transaction.  It is helpful, for example, to know not only that example.com presents a valid certificate, but also that it is the "Example Inc., Norway" with whom the user expects to be interacting.  In the case of AA certificates, the identity information provided may be considered sufficient for this purpose, but non-AA validated certificates do not necessarily provide this real-world identity.  User agents that wish to provide a mechanism for users to manually establish these linkages are advised to consider the Petnames [definition] approach described in [link to 5.1.6].  
Related Action Items:
Related emails:
  1. wsc-xit issues clean-up (from tlr@w3.org on 2008-08-21)
  2. Re: Agenda: WSC WG distributed meeting, Wednesday, 2008-06-18 (from egelman@cs.cmu.edu on 2008-06-18)
  3. Re: Agenda: WSC WG distributed meeting, Wednesday, 2008-06-18 (from ifette@google.com on 2008-06-17)
  4. Agenda: WSC WG distributed meeting, Wednesday, 2008-06-18 (from Mary_Ellen_Zurko@notesdev.ibm.com on 2008-06-17)
  5. Meeting record: 2008-05-14 (from tlr@w3.org on 2008-06-06)
  6. WSC Open Action Items (from Mary_Ellen_Zurko@notesdev.ibm.com on 2008-06-06)
  7. WSC Open Action Items (from Mary_Ellen_Zurko@notesdev.ibm.com on 2008-05-30)
  8. WSC Open Action Items (from Mary_Ellen_Zurko@notesdev.ibm.com on 2008-05-16)
  9. ISSUE-208 (human readable names): Add security consideration for 'human readable' names - e.g. petnames [wsc-xit] (from sysbot+tracker@w3.org on 2008-05-14)

Related notes:

No additional notes.

Changelog:

2008-05-14 11:30:04: Created issue 'Add security consideration for "human readable" names - e.g. petnames' nickname human readable names owned by Johnathan Nightingale on product wsc-xit, description '9.4 Binding "human readable" names to domains Several recommendations in this document concern themselves with the binding between domain names and certificates, but equally important for users is the binding between domain name/certificate and the actual real-world entity involved in the transaction. It is helpful, for example, to know not only that example.com presents a valid certificate, but also that it is the "Example Inc., Norway" with whom the user expects to be interacting. In the case of AA certificates, the identity information provided may be considered sufficient for this purpose, but non-AA validated certificates do not necessarily provide this real-world identity. User agents that wish to provide a mechanism for users to manually establish these linkages are advised to consider the Petnames [definition] approach described in [link to 5.1.6]. ' non-public [Johnathan Nightingale]

2008-08-21 10:34:18: Status changed to 'closed' [Thomas Roessler]


Mary Ellen Zurko <mzurko@us.ibm.com>, Chair, Thomas Roessler <tlr@w3.org>, Staff Contact