On 9/27/10 5:23 PM, =JeffH wrote: > Matt replied.. >> >> On Fri, 2010-09-24 at 16:01 -0700, =JeffH wrote: >>> > > Given all this, I suggest we change the last part of the last > sentence of >>> > > the "Security Note" quoted above to something like.. >>> > > >>> > > ..., by forcing the user to view the entire > certification path >>> > > and only then allowing the user to choose whether to > accept the >>> > > certificate on a temporary or permanent basis. See > [WSC-UI] for >>> > > further guidance. >>> > > >>> > > ..and leave it at that in -tls-server-id-check. We should also > consider >>> > > making [WSC-UI] a normative reference now that it is at > Recommendation >>> > > maturity level. >>> > >>> > OK. I suggest s/to choose whether //; the point is that the user >>> > accepts the certificate. >>> >>> I tend to think we ought to at least mention the notion that the cert > can be >>> accepted either temporarily or permanently. >> >> And that remains after my proposed edit. If you want to emphasize that >> it's the user's choice, try this: >> >> "...and only then allowing the user to accept the certificate on a >> temporary or permanent basis, at his/her option." >> >> The problem with the current text is that its negation could be that >> someone else does the choosing, when it should be that the certificate >> is not accepted. > > ah, ok, thx, I'd misunderstood your proposed edit, thx for clarification.
Based on jhutz's earlier comments, our working copy already has this: ... and only then allowing the user to accept the certificate (on a temporary or permanent basis, at the user's option). That seems to meet the need identified in this thread. Peter -- Peter Saint-Andre https://stpeter.im/ _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
