Not sure who is managing certs now that PKIX is closed. Try SAAG.

-Ekr


On Wed, Mar 9, 2016 at 8:08 AM, Henry Story <henry.st...@bblfish.net> wrote:

>
> On 9 Mar 2016, at 16:01, Eric Rescorla <e...@rtfm.com> wrote:
>
> This is not a TLS WG issue.
>
>
> Where should I go to post this question? Sorry I don't know the full
> ecosystem.
>
> Henry
>
>
> -Ekr
>
>
> On Wed, Mar 9, 2016 at 6:36 AM, Henry Story <henry.st...@bblfish.net>
> wrote:
>
>> Hi,
>>
>>   The W3C TAG is working on a finding for Client Certificates that
>> people here should find very interesting [1].
>>
>> One issue that comes up a lot in discussions is the use of certificates
>> across origins [2], which some folks find problematic, even though it
>> clearly has its uses [3].
>>
>>  It seems that this could be solved neatly with an X509 extension
>> limiting usage to a certain origin or set of origins. I would not
>> be surprised if this already exists. With browser chrome support this
>> would allow the full range of uses from FIDO to cross origin ones
>> whilst putting the user in control.
>>
>> Henry
>>
>>
>> [1] https://github.com/w3ctag/client-certificates
>> [2] https://github.com/w3ctag/client-certificates/issues/1
>> [3]
>> https://github.com/w3ctag/client-certificates/issues/1#issuecomment-194318303
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
>
>
>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to