Re: [webauthn] Protect against TLS MiTM by including TLS cert chain in signature

I agree that MITM/replay protection is important but this approach is (not immediately obviously) complex as noted by @agl and implied by @sampaths. Token binding / Channel ID / TLS Channel binding are all _more-or-less_ standardized-and-implemented approaches and I'm thinking we should rely on them at our specification level, and work to usher along implementations as we can. 

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at using your GitHub account

Received on Wednesday, 17 May 2017 15:29:07 UTC