W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2017

Re: [webauthn] Protect against TLS MiTM by including TLS cert chain in signature

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Sun, 07 May 2017 23:21:34 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-299742977-1494199293-sysbot+gh@w3.org>
Browsers (at least Chrome) do not have a concept of the certificate chain for an origin. Pages can be loaded from disk cache, so there might not an active TLS connection at the time that the Javascript is running. Also, as sampaths notes, an origin can have many certificate chains (even at the same time). 

GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/391#issuecomment-299742977 using your GitHub account
Received on Sunday, 7 May 2017 23:21:41 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:26 UTC