> On 9 Mar 2016, at 16:01, Eric Rescorla <e...@rtfm.com> wrote: > > This is not a TLS WG issue.
Where should I go to post this question? Sorry I don't know the full ecosystem. Henry > > -Ekr > > > On Wed, Mar 9, 2016 at 6:36 AM, Henry Story <henry.st...@bblfish.net > <mailto:henry.st...@bblfish.net>> wrote: > Hi, > > The W3C TAG is working on a finding for Client Certificates that > people here should find very interesting [1]. > > One issue that comes up a lot in discussions is the use of certificates > across origins [2], which some folks find problematic, even though it > clearly has its uses [3]. > > It seems that this could be solved neatly with an X509 extension > limiting usage to a certain origin or set of origins. I would not > be surprised if this already exists. With browser chrome support this > would allow the full range of uses from FIDO to cross origin ones > whilst putting the user in control. > > Henry > > > [1] https://github.com/w3ctag/client-certificates > <https://github.com/w3ctag/client-certificates> > [2] https://github.com/w3ctag/client-certificates/issues/1 > <https://github.com/w3ctag/client-certificates/issues/1> > [3] > https://github.com/w3ctag/client-certificates/issues/1#issuecomment-194318303 > <https://github.com/w3ctag/client-certificates/issues/1#issuecomment-194318303> > _______________________________________________ > TLS mailing list > TLS@ietf.org <mailto:TLS@ietf.org> > https://www.ietf.org/mailman/listinfo/tls > <https://www.ietf.org/mailman/listinfo/tls> >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls