Re: ISSUE-169 Section 5.5.3 creates a burden on browsers to remember past certificates

I thought that issue was taken care of with the following language
(by Johnathan):

  The requirements in this section do not require user agents to
  store information about past interactions longer than they
  otherwise would. Historical TLS information stored for the
  purposes of evaluating security relevant changes of behavior MAY
  be expunged from the user agent on the same schedule as other
  browsing history information. Historical TLS information MUST NOT
  be expunged prior to other browsing history information. For
  purposes of this requirement, browsing history information
  includes visit logs, bookmarks, and information stored in a user
  agent cache.

Last pargarph of text above this heading:

  http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#errors-blacklists

-- 
Thomas Roessler, W3C  <tlr@w3.org>





On 2008-05-09 08:23:35 -0400, Mary Ellen Zurko wrote:
> From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
> To: Johnathan Nightingale <johnath@johnath.com>
> Cc: public-wsc-wg@w3.org
> Date: Fri, 9 May 2008 08:23:35 -0400
> Subject: ISSUE-169 Section 5.5.3 creates a burden on browsers to remember past  certificates
> List-Id: <public-wsc-wg.w3.org>
> X-Spam-Level: 
> Authentication-Results: mx.google.com; spf=pass (google.com: domain of public-wsc-wg-request@listhub.w3.org
> 	designates 128.30.52.56 as permitted sender) smtp.mail=public-wsc-wg-request@listhub.w3.org
> Archived-At: <http://www.w3.org/mid/OF757DA4C0.47CB9B90-ON85257444.0043F315-85257444.004413CE@LocalDomain>
> X-Bogosity: Ham, tests=bogofilter, spamicity=0.026623, version=1.1.6
> 
> This issue needs to be made "good" with a concrete straw proposal, since 
> we've already gone through this section in detailed discussions. Anyone 
> still care enough about it to do that? 
> 
> http://www.w3.org/2006/WSC/wiki/WriteGoodIssue
> 
>

Received on Friday, 9 May 2008 12:34:14 UTC