Not sure who is managing certs now that PKIX is closed. Try SAAG. -Ekr
On Wed, Mar 9, 2016 at 8:08 AM, Henry Story <[email protected]> wrote: > > On 9 Mar 2016, at 16:01, Eric Rescorla <[email protected]> wrote: > > This is not a TLS WG issue. > > > Where should I go to post this question? Sorry I don't know the full > ecosystem. > > Henry > > > -Ekr > > > On Wed, Mar 9, 2016 at 6:36 AM, Henry Story <[email protected]> > wrote: > >> Hi, >> >> The W3C TAG is working on a finding for Client Certificates that >> people here should find very interesting [1]. >> >> One issue that comes up a lot in discussions is the use of certificates >> across origins [2], which some folks find problematic, even though it >> clearly has its uses [3]. >> >> It seems that this could be solved neatly with an X509 extension >> limiting usage to a certain origin or set of origins. I would not >> be surprised if this already exists. With browser chrome support this >> would allow the full range of uses from FIDO to cross origin ones >> whilst putting the user in control. >> >> Henry >> >> >> [1] https://github.com/w3ctag/client-certificates >> [2] https://github.com/w3ctag/client-certificates/issues/1 >> [3] >> https://github.com/w3ctag/client-certificates/issues/1#issuecomment-194318303 >> _______________________________________________ >> TLS mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/tls >> > > >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
