W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2017

Re: [webauthn] Protect against TLS MiTM by including TLS cert chain in signature

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 17 May 2017 15:29:00 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-302127310-1495034939-sysbot+gh@w3.org>
I agree that MITM/replay protection is important but this approach is (not immediately obviously) complex as noted by @agl and implied by @sampaths. Token binding / Channel ID / TLS Channel binding are all _more-or-less_ standardized-and-implemented approaches and I'm thinking we should rely on them at our specification level, and work to usher along implementations as we can. 

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/391#issuecomment-302127310 using your GitHub account
Received on Wednesday, 17 May 2017 15:29:07 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:26 UTC