Re: Verified Javascript for WebAppSec re-chartering? from Ben Laurie on 2014-09-24 (public-web-security@w3.org from September 2014)

From: Ben Laurie <benl@google.com>
Date: Wed, 24 Sep 2014 15:15:20 +0100
To: Mike West <mkwst@google.com>
Cc: Harry Halpin <hhalpin@w3.org>, public-webappsec-request@w3.org, "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <CABrd9SRCNGZZvJo4-Y9D8O_H3DD6oiaL4ex41Zk0NpRugCx++g@mail.gmail.com>

On 24 September 2014 15:08, Mike West <mkwst@google.com> wrote:
> On Wed, Sep 24, 2014 at 3:41 PM, Ben Laurie <benl@google.com> wrote:
>> That said, a CT-like mechanism could help with all of these cases.
>
> I totally agree with the benefit of a CT-like mechanism for extensions, and
> I guess I could get behind a CT-like mechanism for particular code snippets
> (though there's a huge difference in scope between compiling a list of all
> the certs ever vs all the code snippets ever).

Indeed, there are many details that need to be ironed out!

Received on Wednesday, 24 September 2014 14:15:48 UTC