http-extensions

Proposal: Seamless Domain Transitions Using Shared TLS Certificates

Open fra-iesus opened this issue 10 months ago • 0 comments

Problem

Currently, seamless navigation or resource sharing between different domains is not possible even if both domains share the same TLS certificate. This limitation results in degraded user experience and increased complexity for multi-domain applications. For instance, users often face unnecessary page reloads or session resets when transitioning between domains controlled by the same operator.

Proposed Solution

If two domains share a valid TLS certificate, they should be treated as belonging to the same trusted entity. This could allow for seamless cross-domain transitions, such as:

  • Maintaining session state across domains without the need for custom mechanisms (e.g., cross-domain cookies or local storage hacks).
  • Enabling browser caching across domains for shared resources.
  • Avoiding full page reloads during cross-domain navigation.

This could involve:

  1. Extending the HTTP specification to allow session context or caching to be shared between domains with the same TLS certificate.
  2. Collaboration with TLS standards to ensure the validity and security of shared certificates.

Why It Matters for HTTP

The proposal would directly impact how HTTP handles sessions, caching, and cross-origin policies. By treating such domains as part of the same entity, it aligns with the principles of seamless and efficient web experiences.

Call to Action

I’d love to hear the community’s thoughts on this idea. Is this feasible within the scope of HTTP? What potential security or privacy concerns would need to be addressed? Would collaboration with the TLS Working Group be necessary for implementing this?

Thanks in advance for your feedback!

Lex

fra-iesus, Dec 16 '24 01:12
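The rule proposed in this issue, read literally, as an added example that is not part of the original post or of any HTTP or TLS specification: two hosts count as one entity when a single certificate names both. It goes one step beyond the post by evaluating that rule on a certificate that lists several unrelated customers of one hosting provider. The function names and every SAN list are constructed for illustration.

```python
# Added illustration of the proposed "same certificate => same entity" rule.
# All host names and SAN lists are constructed sample data.

def _match(pattern: str, host: str) -> bool:
    """RFC 6125-style name match: '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label, never several
    if p[0] == "*":
        # Reject '*.tld'. A fuller check would also consult the Public Suffix List.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covered(sans, host):
    """True if any subjectAltName entry of the certificate names this host."""
    return any(_match(s, host) for s in sans)

def same_entity_by_cert(sans, host_a, host_b):
    """The proposed rule: both hosts are named by the same valid certificate."""
    return covered(sans, host_a) and covered(sans, host_b)

# One operator, two registrable domains: the case the proposal has in mind.
OPERATOR_CERT = ["example.com", "*.example.com", "pay.example.net"]

# One hosting provider, several unrelated customers on a single certificate.
SHARED_HOSTING_CERT = ["edge.hosting.example", "tenant-a.example", "tenant-b.example"]

def demo():
    return {
        "operator": same_entity_by_cert(OPERATOR_CERT, "shop.example.com", "pay.example.net"),
        # Also True: certificate co-membership alone cannot tell these apart,
        # so session or cache sharing would cross a tenant boundary.
        "tenants": same_entity_by_cert(SHARED_HOSTING_CERT, "tenant-a.example", "tenant-b.example"),
        # False: '*.example.com' does not cover a nested subdomain.
        "nested": same_entity_by_cert(OPERATOR_CERT, "a.b.example.com", "pay.example.net"),
    }

if __name__ == "__main__":
    print(demo())
```

The second result is the case a specification would have to rule out, for example by requiring an explicit opt-in from each named host rather than inferring ownership from the SAN list.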