Re: [webauthn] Protect against TLS MiTM by including TLS cert chain in signature

Browsers (at least Chrome) do not have a concept of the certificate chain for an origin. Pages can be loaded from disk cache, so there might not be an active TLS connection at the time that the JavaScript is running. Also, as sampaths notes, an origin can have many certificate chains (even at the same time).

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/391#issuecomment-299742977 using your GitHub account

Received on Sunday, 7 May 2017 23:21:41 UTC