ISSUE-96 Should support for logotypes be a SHOULD or a MAY?

This issue has a tendency to drive conversations all over the place, in 
part because it is not crisply stated. So, after discussion at two f2fs 
and several email bursts, I am going to declare a scope to this issue, and 
make a proposal. Anyone with issues outside my declared scope of this 
issue should raise a new issue (or action item, or separate email thread, 
or agenda item request). 


I declare the scope of this issue to be the current text in wsc-xit on 
logotypes. Any other issues with logotypes, those are other issues. 

Here's a proposal to clarify discussion and drive resolution of this 
specific issue. Other specific proposals of text (or lack thereof) in the 
places where there is logotype text currently are in scope of this issue. 
Other proposals are other issues. Other proposals that diddle with aspects 
of this text other than logotype are other issues. (for example, the EV to 
AA change isn't in the current text, so isn't here.) 

The proposal: 

Section 6.1.2, the last two paragraphs get changed to: 

For Web user agents that use a visual user interface capable of displaying 
bitmap graphics, during interactions with a TLS-secured Web page for which 
the top-level resource has been retrieved through a strongly TLS-protected 
interaction that involves an extended validation certificate, the identity 
signal SHOULD include display of the issuer, community, and subjec 
logotypes that are embedded in the certificate using the logotype 
extension [RFC3709].
During interactions with pages that were (all or in part) retrieved 
through weakly TLS-protected interactions, Web user agents MUST NOT 
display any logotypes derived from certificates.
The text in 6.2 stays as is. 
All other text on logotypes in wsc-xit is non normative. 

Received on Friday, 16 November 2007 20:26:29 UTC