Re: Question: secure third-party attestations about web sites ?

On 29 April 2015 at 08:41, Mark Watson <watsonm@netflix.com> wrote:
> So my question is whether there is any ongoing work, or if it even makes
> sense, for UAs to play a role in secure delivery of such third-party
> attestations to users ? (I would expect it to be a long-term project - I'm
> not thinking about quick-fixes here).

I'm not aware of ongoing work, but I'll note that it is more likely a
protocol question and perhaps better pursued in another venue, like
the IETF (though perhaps once a certain level of maturity is reached).

I can imagine something akin to OCSP stapling working: a signed
construct that is presented alongside the other credentials offered by
a site.

Received on Wednesday, 29 April 2015 16:28:27 UTC