- From: Lyor Goldstein <lgoldstein@vmware.com>
- Date: Mon, 3 Mar 2014 05:50:12 -0800 (PST)
- To: <public-webcrypto-comments@w3.org>
I was wondering about the feasibility of the following feature that could benefit from exposing the TLS certification chain:

- Server generates a random challenge in the web page
- Client signs a hash of the challenge + the full TLS certification chain - as obtained from the JavaScript DOM model (the proposed enhancement)
- Server makes sure that the signature matches - using the client's pre-registered public key and knowledge of its own certificate

In effect, we are doing a variation on certificate pinning - even if the MITM has obtained a CA certificate and is able to fool the client into believing that a trusted signed certificate is presented, it cannot convince the server since (a) it does not have the client's private key and (b) the server "knows" which certificate it provided. Therefore, even if the MITM can create a certificate with its own key, it cannot forge the server's certificate (but with its own key), thus the client's signature will not match.

P.S. Even leaving this aside - I was wondering why it is such an effort to expose the currently loaded page's certificate chain (read-only)? After all, the browser has this information anyway.
Received on Monday, 3 March 2014 22:21:00 UTC