On Thu 2015-10-22 06:23:35 -0400, Ben Laurie wrote:
> On Thu, 22 Oct 2015 at 03:16 Tom Ritter <[email protected]> wrote:
>> On 21 October 2015 at 08:52, Linus Nordberg <[email protected]> wrote:
>> > Impractical since the browser would have to know which domain that
>> > example.com has delegated its SCT Feedback to.
>>
>> This is an engineering problem I don't see a neat solution to. So
>> obviously the solution is a new HTTP header! SCT-Feedback:
>>
>> https://uncle-neds-discount-hanggliding-and-sct-feedback-correlator.website/google.com/
>> ;)
>
> Quite so.
I can't tell how much people are kidding around here -- i see Tom's
winky emoticon, at least.
But which version of the site should get to declare where the delegation
should happen -- the version that has the bogus cert with SCTs from the
colluding logs, or the "real" version?
--dkg
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
