WARC revision 1.1 (clarification): security issues

[cleymour]

Definition: It is written in the WARC standards (6.3.2 and 6.5.2) : "This document does not specify conventions for recording information about the 'https' secure socket transaction, such as certificates exchanged, consulted, or verified".
This sentence looks misleading: it should not mean that implementers shouldn't record this kind of information (which is provenance information), but that the standard doesn't give any advice on how to do it.

Decision: This should be more clearly explained. One or two examples with possible (optional) solutions could be provided.

Action: Jack Cushman to propose a formulation.

[anjackson]

Implementation first please! :-) Could consider clarification that this is not in scope as practice is not established..

[saraaubry]

The following changes have been integrated in the revised ISO draft during the ISO working group meeting on November 16-17, 2015:
at the end of section 6.3.2 and 6.5.2, replace/add last sentence: Conventions for recording information about the 'https' secure socket transaction, such as certificates exchanged, consulted, or verified, are not in the scope of this International Standard.

[saraaubry]

Included in WARC 1.1.