Re: [webauthn] Protect against TLS MiTM by including TLS cert chain in signature from Adam Langley via GitHub on 2017-05-07 (public-webauthn@w3.org from May 2017)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Sun, 07 May 2017 23:21:34 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-299742977-1494199293-sysbot+gh@w3.org>

Browsers (at least Chrome) do not have a concept of the certificate chain for an origin. Pages can be loaded from disk cache, so there might not an active TLS connection at the time that the Javascript is running. Also, as sampaths notes, an origin can have many certificate chains (even at the same time). 

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/391#issuecomment-299742977 using your GitHub account

Received on Sunday, 7 May 2017 23:21:41 UTC