ACTION-607 Propose changes in 5.4.1 to clarify end entity vs intermediaries

I believe consensus was reached that for expiration and revocation, we need to call out intermediate certificates as being a source of TLS errors. Also in some places we need to specify the end-entity certificate for some sections.

Here are my proposed changes (in red):

When, for a TLS-protected HTTP connection, the end-entity certificate presented or one of the intermediate certificates in the certificate chain is found to have been revoked, error signaling of class danger (6.4.3 Danger Messages) MUST be used.

When, for a TLS-protected HTTP connection, the end-entity certificate presented or one of the intermediate certificates in the certificate chain is found to have expired, error signaling of class danger (6.4.3 Danger Messages) MUST be used.

When the URL corresponding to the transaction at hand does not match the end-entity certificate presented, and a validated certificate is used, then error signaling of level danger (6.4.3 Danger Messages) MUST be used.

Joe Steele
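The three proposed rules above, worked through as an added example in Python; this is not code from the message or from the WSC specification. The Cert structure, the chain ordering (end-entity first, intermediates after, trust anchor omitted) and the sample certificates are assumptions and constructed data.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

DANGER = "danger"  # error signaling class from 6.4.3 Danger Messages

@dataclass(frozen=True)
class Cert:
    subject: str
    not_after: datetime
    revoked: bool = False     # outcome of an OCSP/CRL lookup, assumed already performed
    dns_names: tuple = ()     # subjectAltName dNSName entries; only consulted on the leaf

def hostname_matches(hostname, dns_names):
    """Minimal RFC 6125 style matching: exact name, or a wildcard covering one label."""
    host = hostname.lower().rstrip(".")
    for name in dns_names:
        name = name.lower()
        if name.startswith("*."):
            suffix = name[1:]  # "*.example.org" -> ".example.org"
            if host.endswith(suffix) and "." not in host[:-len(suffix)]:
                return True
        elif name == host:
            return True
    return False

def classify_tls_error(chain, hostname, now):
    """chain[0] is the end-entity certificate, chain[1:] are the intermediates.
    The trust anchor is deliberately absent: it is not presented by the server."""
    if not chain:
        raise ValueError("empty chain")
    for position, cert in enumerate(chain):
        role = "end-entity" if position == 0 else "intermediate"
        if cert.revoked:                       # rule 1: revocation anywhere in the chain
            return DANGER, f"{role} certificate '{cert.subject}' is revoked"
        if cert.not_after <= now:              # rule 2: expiry anywhere in the chain
            return DANGER, f"{role} certificate '{cert.subject}' has expired"
    # Reaching this point means the chain is validated; rule 3 applies to the leaf only.
    if not hostname_matches(hostname, chain[0].dns_names):
        return DANGER, f"URL host {hostname!r} does not match the end-entity certificate"
    return None, "chain validated; no error signaling required"

# Constructed sample data (assumed names and dates, not from any real CA).
UTC = timezone.utc
NOW = datetime(2009, 6, 3, 16, 20, tzinfo=UTC)
LEAF = Cert("www.example.org", datetime(2010, 1, 1, tzinfo=UTC),
            dns_names=("www.example.org", "*.example.org"))
GOOD_ICA = Cert("Example Intermediate CA", datetime(2015, 1, 1, tzinfo=UTC))
EXPIRED_ICA = Cert("Example Intermediate CA", datetime(2009, 1, 1, tzinfo=UTC))
REVOKED_ICA = Cert("Example Intermediate CA", datetime(2015, 1, 1, tzinfo=UTC), revoked=True)

if __name__ == "__main__":
    for label, chain, host in [("valid", [LEAF, GOOD_ICA], "www.example.org"),
                               ("expired intermediate", [LEAF, EXPIRED_ICA], "www.example.org"),
                               ("revoked intermediate", [LEAF, REVOKED_ICA], "www.example.org"),
                               ("host mismatch", [LEAF, GOOD_ICA], "mail.other.example")]:
        print(f"{label}: {classify_tls_error(chain, host, NOW)}")
```

Note that the host check runs only after the whole chain has passed, which is what "a validated certificate is used" in the third rule requires.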

Received on Wednesday, 3 June 2009 16:20:52 UTC