Re: Verified Javascript for WebAppSec re-chartering?

> > I totally agree with the benefit of a CT-like mechanism for
> > extensions, and I guess I could get behind a CT-like mechanism for
> > particular code snippets (though there's a huge difference in
> > scope between compiling a list of all the certs ever vs all the
> > code snippets ever).
> +1 CT-like mechanism here.

What you could do is include checksums in the website's certificate,
using a certificate extension. That way you could avoid duplicating CT,
although you'd then need a certificate authority to support the
certificate extension in certificate signing requests.

-- Daniel Huigens

Received on Saturday, 27 September 2014 09:25:57 UTC