- From: Mitar <mmitar@gmail.com>
- Date: Thu, 25 Feb 2016 23:30:39 -0800
- To: Ángel González <angel@16bits.net>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi! On Thu, Feb 25, 2016 at 3:20 PM, Ángel González <angel@16bits.net> wrote: > I was thinking in a list in your certificate window, where you could > input either exact domains or wildcards (eg. *.gov.$CC) But this has a similar problem to current solutions: you cannot build an ecosystem around those certificates. My running example is me wanting to create a petition where I would like people to sign it with their certificates. I would not be able to do that because it would not be running under the .gov website. But maybe an interesting thing would be that sites could request once a permission to access this API and user would be prompted. So something like installing the plugin for Google Hangouts. If user says no, then the site does not have access to the API. So instead of prompting for signing itself, you prompt for accessing the signing API in general. Mitar -- http://mitar.tnode.com/ https://twitter.com/mitar_m
Received on Friday, 26 February 2016 07:31:12 UTC