Extending the Code Verify concept with a PKI

[shaih]

I wrote a short note with some thought of how to extend the CV concept to provide better assurance to end users, using a PKI similar to what exists for TLS. Such PKI could allow developers to describe the functionality of their web applications, auditors to vouch for the implementation of these applications, and end-users to access that information. See https://shaih.github.io/pubs/webapps.pdf

I believe that this direction can make a real difference in web security, well beyond just Meta applications.