Re: [whatwg/fetch] Allow connection reuse for request without credentials when TLS client auth is not in use (#341) from Tim Seaward on 2017-08-26 (public-webapps-github@w3.org from August 2017)

From: Tim Seaward <notifications@github.com>
Date: Sat, 26 Aug 2017 17:09:30 +0000 (UTC)
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/341/325147771@github.com>

My nagging thought here is, with the coming of TLS 1.3, will export material be available to clients in some programmable fashion? If so would this allow some "other" code that is reusing the connection to gain access to material that is potentially used to key/protect secret data? Would it basically make the "connection based" export key material "public" to anything running in the context?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/341#issuecomment-325147771

Received on Saturday, 26 August 2017 17:09:55 UTC