Hey all,

While reviewing the Origin Signed Responses draft, I noticed that the certificate requirements <https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#cross-origin-cert-req> section requires the signing certificate to have a specific opt-in to response signing while also prohibiting such certs from serving TLS connections.

From a deployment perspective, the second requirement means that an entity which wants to sign packages as well as terminate TLS connections would have to maintain multiple certs for each domain, which will significantly increase complexity.

I'm wondering regarding the reasoning behind that second requirement. Why can't certs which opt in to signing packages also be able to serve TLS? What are the risks involved?

Thanks,
Yoav

Received on Monday, 9 April 2018 11:55:08 UTC