Re: [w3ctag/design-reviews] Signed Exchanges (#235)

On a separate note, I'd like to see the ability to revoke certificates used for signed exchanges with fine granularity. The use case being where an origin wants to revoke a particular exchange, but not revoke other exchanges that may have been previously published. This would require different certificates to be used for individual signed exchanges.

Perhaps allowing an origin to obtain a CA-generated exchange signing certificate, and then use that certificate as an intermediate used to sign other self-issued certificates that are used to actually sign the individual exchanges.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/235#issuecomment-379425103

Received on Saturday, 7 April 2018 02:13:52 UTC