- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Fri, 2 May 2008 12:17:10 -0400
- To: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>
- Cc: public-wsc-wg@w3.org
Received on Friday, 2 May 2008 16:17:55 UTC
The key word here is "Issuer." The requirement is that the identity signal make it clear what party (CA) is responsible for extending this trust (e.g. Comodo, Entrust, or Verisign). Even in validated (non-AA) certs, we can trust issuers to get their own names right. :) Language elsewhere talks about what to do for the *subject* of the cert, which I think is your confusion here. Cheers, Johnathan On 2-May-08, at 11:54 AM, Mary Ellen Zurko wrote: > > http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#signal-content > > 6.1.2 Identity Signal says for validated certificates: > > "The identity signal MUST include the Issuer field's Organization > attribute to inform the user about the party responsible for that > information." > > I don't remember why that is for validated certificates. If we did > this one to death already, please point me to it. Otherwise, my > proposal for this issue is either: > > A) Move that to AA certs only > B) Change the MUST to a SHOULD. Which actually I feel is still too > strong. But I'm guessing there's something I'm missing. > > --- Johnathan Nightingale Human Shield johnath@mozilla.com
Received on Friday, 2 May 2008 16:17:55 UTC