Re: Domains, Subdomains, Etc. from carmen on 2015-01-05 (public-rww@w3.org from January 2015)

From: carmen <_@whats-your.name>
Date: Mon, 5 Jan 2015 05:43:54 +0000
To: public-rww@w3.org
Message-ID: <20150105054354.GA31970@x.clearwire-wmx.net>

> wildcard certs not currently supported?

 expending effort on this front probably isn't worth it, vs other things..

even in HTTPS timing and size of packets leak some info. depending on how determined you are, maybe a decent amount:

http://eprint.iacr.org/2014/959.pdf
http://eprint.iacr.org/2014/724.pdf  both featured at http://fc15.ifca.ai/

one unencrypted port 53 lookup and you might additionally be able to tie what you've gleaned to a particular username,

client-cert support is something that some people complain about..

on public machines , in coffee-shops, libraries or otherwise, how do you login ?
maybe security is lax enough that you can plug in a phone on USB, load the private-key/cert .p12 file and remember to delete it, but..

network-effects of supporting certificate-based single-sign-on might have legs

Received on Monday, 5 January 2015 05:44:48 UTC