Full Disclosure mailing list archives
Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates
From: Arshad Noor <arshad.noor () strongauth com>
Date: Fri, 7 Sep 2007 10:04:53 -0400 (EDT)
Alex, Do you presume that the websites in the domains that you intend to track users will install the self-signed CA certificate that issued the client-certificate to the unsuspecting user? If not, how will the browser know which client certificate to send to the website during client-auth? And what happens to the users who do not have have client-certs issued by this CA when they attempt to connect to the site? Arshad Noor StrongAuth, Inc. ----- Original Message ----- From: "Alexander Klink" <a.klink () cynops de> Tracking visitors in an unnoticed way over several domains is typically not as easy as this, I believe. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Alexander Klink (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Eddy Nigg (StartCom Ltd.) (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Alexander Klink (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Eddy Nigg (StartCom Ltd.) (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Brendan Dolan-Gavitt (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Peter Besenbruch (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Alexander Klink (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Arshad Noor (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Erik Tews (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Eddy Nigg (StartCom Ltd.) (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Alexander Klink (Sep 07)
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Alexander Klink (Sep 07)