diff --git a/content/crypto/webcrypto-distribution-signing.rst b/content/crypto/webcrypto-distribution-signing.rst
index 8e9bdfa..3bfd030 100644
--- a/content/crypto/webcrypto-distribution-signing.rst
+++ b/content/crypto/webcrypto-distribution-signing.rst
@@ -15,6 +15,9 @@ to trust online software distributions. Put differently, you don't actually
 trust the software authors but are rather trusting the software distributors
 and certificate authorities (CAs).
 
+I've been talking with Richard Barnes last week about that and he suggested
+I publish something to actually discuss this further, so here it is!
+
 Attack vectors
 ==============