On 10/31/2014 1:04 PM, Anne van Kesteren wrote:
> On Fri, Oct 31, 2014 at 11:22 AM, Moudrick M. Dadashov wrote:
>> The document below proposes a generic syntax for unique identification of natural/legal Subjects (see Section 5):
>> http://docbox.etsi.org/ESI/Open/Latest_Drafts/prEN_319412-1v006-cert-profiles-common-structures_COMPLETE-draft.pdf
>
> Even if that works out, you're at best duplicating a system that is already in place with domain names.

Sorry, no, actually the proposed syntax is completely independent of domain names.

> And it does not necessarily lead to simpler UI.

It does lead to [at least] unified presentation of (legal/natural) Subject information and consequently to its consistent interpretation (UI).

> E.g. Apple now simply shows the Organization in the address bar, but with that mozilla.org and bugzilla.mozilla.org appear identical, while they actually have different security characteristics as far as the end user is concerned.

Right, this is happening because "security characteristics" are dynamic while Subject information is static, so let's keep these things separate. "Security characteristics" are application specific and it's the application to define how reliable Subject information is. The ETSI proposal above is about the syntax for unique Subject identification where we get both: the unique Subject ID and the ID of a registry that maintains those identities.

> Perhaps that would argue for showing both the Organization and the domain name as most other browsers appear to be doing, but that makes the UI more complicated to grasp compared to DV or lacking TLS altogether.

Yes, this is something out of scope of the proposed syntax and needs some sort of standardization.

Thanks, M.D.

