- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Wed, 29 Apr 2015 09:28:00 -0700
- To: Mark Watson <watsonm@netflix.com>
- Cc: www-tag <www-tag@w3.org>
On 29 April 2015 at 08:41, Mark Watson <watsonm@netflix.com> wrote: > So my question is whether there is any ongoing work, or if it even makes > sense, for UAs to play a role in secure delivery of such third-party > attestations to users ? (I would expect it to be a long-term project - I'm > not thinking about quick-fixes here). I'm not aware of ongoing work, but I'll note that it is more likely a protocol question and perhaps better pursued in another venue, like the IETF (though perhaps once a certain level of maturity is reached). I can imagine something akin to OCSP stapling working: a signed construct that is presented alongside the other credentials offered by a site.
Received on Wednesday, 29 April 2015 16:28:27 UTC