Not sure who is managing certs now that PKIX is closed. Try SAAG. -Ekr
On Wed, Mar 9, 2016 at 8:08 AM, Henry Story <henry.st...@bblfish.net> wrote: > > On 9 Mar 2016, at 16:01, Eric Rescorla <e...@rtfm.com> wrote: > > This is not a TLS WG issue. > > > Where should I go to post this question? Sorry I don't know the full > ecosystem. > > Henry > > > -Ekr > > > On Wed, Mar 9, 2016 at 6:36 AM, Henry Story <henry.st...@bblfish.net> > wrote: > >> Hi, >> >> The W3C TAG is working on a finding for Client Certificates that >> people here should find very interesting [1]. >> >> One issue that comes up a lot in discussions is the use of certificates >> across origins [2], which some folks find problematic, even though it >> clearly has its uses [3]. >> >> It seems that this could be solved neatly with an X509 extension >> limiting usage to a certain origin or set of origins. I would not >> be surprised if this already exists. With browser chrome support this >> would allow the full range of uses from FIDO to cross origin ones >> whilst putting the user in control. >> >> Henry >> >> >> [1] https://github.com/w3ctag/client-certificates >> [2] https://github.com/w3ctag/client-certificates/issues/1 >> [3] >> https://github.com/w3ctag/client-certificates/issues/1#issuecomment-194318303 >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls >> > > >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls