Re: secure HTTPS redirect - encoding a new trust anchor?

On 13 August 2015 at 07:57, Kent Watsen <> wrote:
> I'm good with an over-the-top solution, but do you think we can cleanly
> embed a certificate in the message body of an HTTP redirect message? -
> what would the Content-Type be?    If not, then we'd have to define an
> explicit resource to get the secure redirect information (both the
> hostname and certificate) - this is definitely doable, though it seems a
> bit clumsy, what do you think?

I don't think that you want to use a redirect.  How about plain old
JSON with a shiny new content-type of your own invention:

   "gohere": "https://url.example...",
   "butfirstusethese": {
     "trustanchors": "a PEM-encoded certificate",

That's not generic, but it's not unreasonable for the device to
natively support a little more protocol machinery in order to avoid
having to be manually configured.

p.s., Ted pointed me at:, it seems
like you have most of the infrastructure there already.

Received on Thursday, 13 August 2015 16:34:37 UTC