- From: <henry.story@bblfish.net>
- Date: Mon, 21 Sep 2015 15:40:43 +0100
- To: public-webid <public-webid@w3.org>
- Cc: Martin Thomson <martin.thomson@gmail.com>
There is some interesting work going on in the TLS WG, which should allow a client to specify that the certificates requested for example contained a Subject Alternative Name or an Issuer Alternative Name in the form of a dereferenceable URI . We'd just need to specify an OID for an extension, which in our case could just be set as a flag I suppose (I don't have much expereince with extensions and OIDs) https://github.com/tlswg/tls13-spec/pull/209 This would allow us then to close http://www.w3.org/2005/Incubator/webid/track/issues/62 Simultaneously on the HTTP WG there is an interesting discussion of what if any problems HTTP/2.0 poses for TLS authentication I am a bit surprised, but it may look like there really is not a real problem: https://lists.w3.org/Archives/Public/ietf-http-wg/2015JulSep/0377.html Henry Social Web Architect http://bblfish.net/
Received on Monday, 21 September 2015 14:41:14 UTC