[Servercert-wg] Pilot project on Qualified Web Authentication Certificates (QWACs)
Ben Wilson
bwilson at mozilla.com
Wed Aug 19 12:21:36 MST 2020
Hi Dimitris,
Attached here is somewhat of a counterproposal made by several of the
browsers. It recommends the adoption/use of non-TLS QWACs (nt-QWACs) that
would not have a cryptographic binding to TLS certificates (as opposed to
attribute certificates with bindings to TLS certificates). Because nt-QWACs
would be digitally signed by TSPs, they could be delivered outside of TLS
via DNS TXT records, well-known URIs, or as JSON Web Tokens.
Ben
On Wed, Aug 19, 2020 at 2:01 AM Dimitris Zacharopoulos (HARICA) via
Servercert-wg <servercert-wg at cabforum.org> wrote:
>
> I believe this would be of interest to the WG.
>
>
> https://ec.europa.eu/futurium/en/blog/commission-runs-pilot-project-qualified-web-authentication-certificates-qwacs
>
> From a very quick read and test of the demo site, the validation
> results seem to be sourced from the actual web site that is being
> checked. Do people see specific threats in the validation of this
> information and how it is displayed to the Relying Parties?
>
>
> Thanks,
> Dimitris.
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20200819/c55c7bf0/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: QWACs_ Interoperability Challenges in Binding to Connections instead of Domains.pdf
Type: application/pdf
Size: 126632 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20200819/c55c7bf0/attachment-0001.pdf>
More information about the Servercert-wg
mailing list