- From: cowwoc <cowwoc@bbs.darktech.org>
- Date: Fri, 13 Jun 2014 20:10:38 -0400
- To: Martin Thomson <martin.thomson@gmail.com>
- CC: "public-media-capture@w3.org" <public-media-capture@w3.org>

On 13/06/2014 12:47 PM, Martin Thomson wrote:
> On 13 June 2014 07:08, cowwoc <cowwoc@bbs.darktech.org> wrote:
>> I asked before but don't recall getting an answer: is the permission scope
>> (for HTTPS) the same as the HTTPS certificate? Meaning, does it span
>> multiple domains if the certificate does? Or is it for a single domain? Or
>> is it unspecified?
>
> The grant is for the origin to which permission was granted. The
> details of the certificate do not matter at this level.
>
> If you have a wildcard for *.example.com, that doesn't allow you to
> have https://foo.example.com use persistent permissions for
> https://www.example.com. Nor would it allow
> https://www.example.com:9000 to use the same permissions.

Okay. Are there any objections to granting permissions to a certificate instead of to a single domain? Meaning, instead of granting permission to google.com, I'd grant permission to Google the company and implicitly to all domains and sub-domains covered by their certificate.

From a trust point of view, if I don't trust Google I wouldn't grant google.com permission and on the flip side if I trust google.com I don't see a reason not to trust google.ca.

What do you think?

Gili

Received on Saturday, 14 June 2014 00:12:00 UTC
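
The two scopes discussed in this message, side by side, as an added example that is not part of the original message or of any browser's code: an origin-keyed grant store next to a check for which URLs a certificate-wide grant would cover. The store, the helper names, the simplified wildcard matching and the sample certificate names are assumptions made for illustration.

```javascript
// Added illustration; every name here is hypothetical, not a browser API.
// Origin = scheme + host + port, as computed by the URL parser.
const originOf = (url) => new URL(url).origin;

// Persistent grants keyed by origin, the scope described in the quoted reply.
class OriginPermissionStore {
  constructor() { this.grants = new Set(); }
  grant(url) { this.grants.add(originOf(url)); }
  isGranted(url) { return this.grants.has(originOf(url)); }
}

// Simplified certificate name matching (assumption): "*" may stand only for
// the whole left-most label and covers exactly one label.
function certNameMatches(pattern, host) {
  const p = pattern.toLowerCase().split(".");
  const h = host.toLowerCase().split(".");
  if (p.length !== h.length) return false;
  return p.every((label, i) => (i === 0 && label === "*") || label === h[i]);
}

// The proposed scope: any HTTPS URL whose host the certificate names cover.
// Certificate names carry no port, so the port cannot narrow this scope.
function certScopeCovers(certNames, url) {
  const u = new URL(url);
  return u.protocol === "https:" &&
    certNames.some((name) => certNameMatches(name, u.hostname));
}

// Grant once, then report how each candidate URL fares under both scopes.
function compareScopes(grantedUrl, certNames, candidates) {
  const store = new OriginPermissionStore();
  store.grant(grantedUrl);
  return candidates.map((url) => ({
    url,
    originScoped: store.isGranted(url),
    certScoped: certScopeCovers(certNames, url),
  }));
}

// Constructed sample data, following the example.com hosts used in the reply.
const CERT_NAMES = ["*.example.com", "example.com"];
const CANDIDATES = [
  "https://www.example.com/app", "https://foo.example.com/",
  "https://www.example.com:9000/", "http://www.example.com/",
  "https://a.b.example.com/", "https://example.org/",
];
console.table(compareScopes("https://www.example.com/", CERT_NAMES, CANDIDATES));
```

Rows where `certScoped` is true and `originScoped` is false are the hosts and ports that would gain access without a separate user decision if grants followed the certificate.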