Hi,

The W3C TAG is working on a finding for Client Certificates that people here should find very interesting [1].

One issue that comes up a lot in discussions is the use of certificates across origins [2], which some folks find problematic, even though it clearly has its uses [3]. It seems that this could be solved neatly with an X509 extension limiting usage to a certain origin or set of origins. I would not be surprised if this already exists. With browser chrome support this would allow the full range of uses from FIDO to cross origin ones whilst putting the user in control.

Henry

[1] https://github.com/w3ctag/client-certificates
[2] https://github.com/w3ctag/client-certificates/issues/1
[3] https://github.com/w3ctag/client-certificates/issues/1#issuecomment-194318303

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls