Full Disclosure mailing list archives
Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates
From: Alexander Klink <a.klink () cynops de>
Date: Sat, 8 Sep 2007 00:04:11 +0200
Hi Peter, On Fri, Sep 07, 2007 at 08:10:23PM +0200, Alexander Klink wrote:
While I can see the same use here, it seems you are saying anyone could have a look at certificates on your system, while cookies generally are limited to viewing by the issuing domain. What I don't understand is if there is a simple of knowing what certificate to ask for? For this to beNo, you can't really 'ask' for a certificate - the user chooses it (or, in this case, the browser does so automatically).
Hmmm, I stand corrected (from Erik, who else? ;-). TLS actually allows the server to ask for a specific type and/or CA. Best regards, Alex -- Dipl.-Math. Alexander Klink | IT-Security Engineer | a.klink () cynops de mobile: +49 (0)178 2121703 | Cynops GmbH | http://www.cynops.de ----------------------------+----------------------+--------------------- HRB 7833, Amtsgericht | USt-Id: DE 213094986 | Geschäftsführer: Bad Homburg v. d. Höhe | | Martin Bartosch _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Alexander Klink (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Eddy Nigg (StartCom Ltd.) (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Alexander Klink (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Eddy Nigg (StartCom Ltd.) (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Brendan Dolan-Gavitt (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Peter Besenbruch (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Alexander Klink (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Arshad Noor (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Erik Tews (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Eddy Nigg (StartCom Ltd.) (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Alexander Klink (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Alexander Klink (Sep 07)