Re: [Bug 22214] How long do permissions persist?

On 16 June 2014 09:04, Harald Alvestrand <harald@alvestrand.no> wrote:
> Is a user really in a better position to judge whether individual origins
> are trustworthy than the certificate owner?
>
>
> If we were to put in the standard that permission is granted to C and
> everyone he signs for, instead of to either A or B, we deny operators the
> ability to host two services with different levels of trust under the same
> certificate.
>
> I don't think that's a good move.


I think that the key here is that a user has only got the domain name
(and port) to base decisions on.  I think that it would be surprising
if example.com were able to use my camera based on a permissions grant
to example.org.  Users won't know that they were the same entity; they
aren't checking certificates for subjectAltName values.

Received on Monday, 16 June 2014 16:36:47 UTC
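The two keying choices discussed in this thread, side by side, as an added example that is not part of the original messages. The store classes, `certFor` and the sample certificate are hypothetical and constructed for illustration; only the URL-to-origin serialisation is standard behaviour.

```javascript
// Constructed sample: one certificate whose subjectAltName covers two hosts.
const SAMPLE_CERT = { subject: "C", altNames: ["example.org", "example.com"] };

// Hypothetical lookup of the certificate a host would present.
function certFor(url) {
  const host = new URL(url).hostname;
  return SAMPLE_CERT.altNames.includes(host)
    ? SAMPLE_CERT
    : { subject: `other:${host}`, altNames: [host] };
}

// Grants keyed on the origin (scheme, host, port). URL.origin lowercases
// the host and drops the default port, so :443 matches the bare https form.
class OriginKeyedStore {
  constructor() { this.grants = new Set(); }
  key(url, perm) { return `${new URL(url).origin}|${perm}`; }
  grant(url, perm) { this.grants.add(this.key(url, perm)); }
  isGranted(url, perm) { return this.grants.has(this.key(url, perm)); }
}

// Grants keyed on the certificate subject: "C and everyone he signs for".
class CertKeyedStore {
  constructor() { this.grants = new Set(); }
  key(url, perm) { return `${certFor(url).subject}|${perm}`; }
  grant(url, perm) { this.grants.add(this.key(url, perm)); }
  isGranted(url, perm) { return this.grants.has(this.key(url, perm)); }
}

// The user grants camera access while visiting example.org only.
function compare() {
  const byOrigin = new OriginKeyedStore();
  const byCert = new CertKeyedStore();
  byOrigin.grant("https://example.org/", "camera");
  byCert.grant("https://example.org/", "camera");
  return {
    originSameSite: byOrigin.isGranted("https://EXAMPLE.org:443/call", "camera"),
    originOtherName: byOrigin.isGranted("https://example.com/", "camera"),
    originOtherPort: byOrigin.isGranted("https://example.org:8443/", "camera"),
    certOtherName: byCert.isGranted("https://example.com/", "camera"),
    certOtherPort: byCert.isGranted("https://example.org:8443/", "camera"),
  };
}

console.log(compare());
```

With certificate keying, the grant made on example.org also covers example.com and a second service on another port, which is the surprise described above and the loss of separation Harald objects to.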