Apps/WebApplicationReceipt/GenerationService: Difference between revisions

Jump to navigation Jump to search

Apps/WebApplicationReceipt/GenerationService (view source)

Revision as of 22:05, 28 March 2012

225 bytes added ,  28 March 2012
→‎Appendix B: How to distribute the public keys?
Line 66: Line 66:


Rather than invent a new scheme, mhanson proposes to use an RFC5785-style ".well-known" file, containing a LINK with a REL of "receipt-verification-keys", which points to a file containing an array of [http://tools.ietf.org/id/draft-jones-json-web-key.txt JSON Web Keys].
Rather than invent a new scheme, mhanson proposes to use an RFC5785-style ".well-known" file, containing a LINK with a REL of "receipt-verification-keys", which points to a file containing an array of [http://tools.ietf.org/id/draft-jones-json-web-key.txt JSON Web Keys].
We also need to advertise the serial number/fingerprint of revoked keys, in perpetuity.  This should follow a similar scheme (same file, or different file?  are the operational considerations different for these two lists?)


== Comments / Concerns / Clarification Needed ==
== Comments / Concerns / Clarification Needed ==
Mhanson
348

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/413383"

Navigation menu