If a site can install a private key and certificate on two different browsers, then that implies two things: 1. the site has access to the private key - the site can impersonate the browser 2. both browsers have access to the private key - each browser can impersonate the other In particular, the latter means that an identity assertion obtained by one user can be used by a completely different user. -- GitHub Notification of comment by martinthomson Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1853#issuecomment-385601728 using your GitHub accountReceived on Tuesday, 1 May 2018 05:20:10 UTC
This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:44 UTC