Re: [fetch] Request for support for certificate pinning (#98)

@sleevi I still think your connection pooling argument is void, even if you use SNI you can't pool connections together with other connections to different domains even if they connect to the same host, cert pinning or not. If you do you are connecting to domain B with domain A's certificate (because that's what you got from the pool) without ever seeing domain B's cert. Reconnection or at least renegotiation would be necessary anyways, and at that point cert pinning can happen.

I'm not sure what exactly you are referring to with "explicitly bad behaviour". I was being sarcastic with the evil MITM.

I agree that this feature is limited use but I also believe that it is also an essential security feature for a small set of use cases that can't be done otherwise. I'd like to work together with you and everyone else to work out an interface that is less of a "footgun".

As I wrote in my first post, this is similar to HPKP but it is using a different angle so I think it's complementing it. 

I don't think your comparison with the user passwords is valid. The user's password is the user's data and he should be in charge of it. However, if I provide a service to the user (like OpenID) then the user is not entitled to the service at any cost, I can set up rules and regulations for the usage of it. If I decide that I require the user to directly connect to my authentication endpoints then that is my right as service provider and so is my right to deny the user access to my service if he does not comply on the grounds of being unable to the security of the users would expect. I think this is actually good for the user.

You also seem to have misunderstood what I said about the root certificates. What I meant was not malware or tools like Fiddler running on the user's machine, I was referring to root certs that have been compromised, like the Comodo or the Diginotar incidents or simply certs I'd rather not trust.

---
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/98#issuecomment-130314291

Received on Wednesday, 12 August 2015 13:57:45 UTC
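To make the two points in the reply above concrete (a pin is computed over the certificate's SubjectPublicKeyInfo, as in HPKP, and a pooled TLS connection negotiated for one name cannot serve a different origin even on the same host), here is an added example that is not from the fetch thread or any of its participants. `fake_cert` builds a constructed stand-in certificate and the pooled connection is modelled as a plain dict; both are assumptions for the demonstration, while `spki_pin` works on any real DER certificate such as the one returned by `ssl` `getpeercert(binary_form=True)`.

```python
import base64
import hashlib
from typing import List, Tuple

def der_encode(tag: int, value: bytes) -> bytes:
    """Minimal DER TLV encoder (values up to 65535 bytes); used to build constructed input."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes(2, "big") if n > 0xFF else bytes([n])
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def der_tlv(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Decode one DER TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(value: bytes) -> List[bytes]:
    """Split a SEQUENCE body into the raw encodings of its top-level children."""
    out, pos = [], 0
    while pos < len(value):
        _, _, nxt = der_tlv(value, pos)
        out.append(value[pos:nxt])
        pos = nxt
    return out

def spki_pin(cert_der: bytes) -> str:
    """HPKP-style pin: base64(sha256(DER SubjectPublicKeyInfo)) of an X.509 cert."""
    _, cert_body, _ = der_tlv(cert_der)                 # Certificate ::= SEQUENCE
    _, tbs, _ = der_tlv(cert_body)                      # tbsCertificate ::= SEQUENCE
    fields = der_children(tbs)
    # Fields: [version], serial, signature alg, issuer, validity, subject, SPKI, ...
    spki = fields[6] if fields[0][0] == 0xA0 else fields[5]
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()

def may_reuse(conn: dict, origin_host: str, pins: set) -> bool:
    """A pooled TLS connection may serve an origin only if it was negotiated with
    that origin's name (SNI) and the certificate it actually presented matches the
    origin's pins: a connection opened to A never vouches for B, shared IP or not."""
    return conn["sni"] == origin_host and spki_pin(conn["cert_der"]) in pins

def fake_cert(spki_der: bytes, with_version: bool = True) -> bytes:
    """Constructed stand-in for a certificate: real outer layout, dummy field contents."""
    seq = lambda b: der_encode(0x30, b)
    fields = [der_encode(0xA0, der_encode(0x02, b"\x02"))] if with_version else []
    fields += [der_encode(0x02, b"\x01"), seq(b""), seq(b""), seq(b""), seq(b""), spki_der]
    return seq(seq(b"".join(fields)) + seq(b"") + der_encode(0x03, b"\x00"))
```

A pin mismatch at `may_reuse` is exactly the point where the reply says pinning would happen: on the (re)negotiated connection that carries the origin's own certificate, not on one borrowed from the pool.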