Re: ISSUE-190 (relaxedpathvalidation): Relaxed Path Validation - optional, recommended? [wsc-xit] from Mary Ellen Zurko on 2008-04-24 (public-wsc-wg@w3.org from April 2008)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Thu, 24 Apr 2008 17:07:47 -0400
To: Web Security Context Working Group WG <public-wsc-wg@w3.org>
Message-ID: <OFEE5CA2B0.EB5BB60F-ON85257435.0073F79C-85257435.007411B1@LocalDomain>

Thanks Ian. That quite close to being a "good" issue:
http://www.w3.org/2006/WSC/wiki/WriteGoodIssue

Please suggest how the issue should be resolved, with replacement text. 




From:
Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
To:
public-wsc-wg@w3.org
Date:
04/16/2008 12:13 PM
Subject:
ISSUE-190 (relaxedpathvalidation): Relaxed Path Validation - optional, 
recommended? [wsc-xit]





ISSUE-190 (relaxedpathvalidation): Relaxed Path Validation - optional, 
recommended? [wsc-xit]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Ian Fette
On product: wsc-xit

This blocks on ACTION-416

It seems bad to have different browsers doing different things for the 
same site, specifically regarding whether SSL errors are displayed or not. 
I think we need to be consistent in whether we tell people to use relaxed 
path validation for normal (non-AA) certs or not. I.e. we should specify 
whether by default, relaaxed path validation should be used, or whether 
it's just an option that we expect 0.0001% of users to enable.

Received on Thursday, 24 April 2008 21:18:14 UTC