|
|
|
|
|
|
by Leace
2659 days ago
|
|
|
SXG is primarily designed for AMP so that the browser can display the origin in the address bar while the content is being served from Google. Currently only one CA provides paid certificates with a special extension so that the cert can be used to sign SXG files [0]. [0]: https://www.digicert.com/account/ietf/http-signed-exchange.p... As for binary transparency it's not enough to stamp the certificate (that's what CT logs do). The artifact would have to be stamped and published in a widely accessible source. Actually Binary Transparency doc published by Mozilla [1] creates a new regular certificate for new published binary thus utilizing CT infrastructure as it is today. [1]: https://wiki.mozilla.org/Security/Binary_Transparency If we're at Mozilla, it's also interesting to see what's their position on SXG [2]. There is only one spec there with that status there. [2]: https://mozilla.github.io/standards-positions/ |
|
|
It seems the real issue at the moment is that it just isn't a high priority for them.