W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2017

Re: [webauthn] Protect against TLS MiTM by including TLS cert chain in signature

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 17 May 2017 15:29:00 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-302127310-1495034939-sysbot+gh@w3.org>
I agree that MITM/replay protection is important but this approach is (not immediately obviously) complex as noted by @agl and implied by @sampaths. Token binding / Channel ID / TLS Channel binding are all _more-or-less_ standardized-and-implemented approaches and I'm thinking we should rely on them at our specification level, and work to usher along implementations as we can. 

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/391#issuecomment-302127310 using your GitHub account
Received on Wednesday, 17 May 2017 15:29:07 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:26 UTC