[Cryptography] On the deployment of client-side certs

Tony Arcieri bascule at gmail.com
Tue Nov 15 16:27:07 EST 2016

On Mon, Nov 14, 2016 at 11:59 PM, Pieter Rogaar <pieter at rogaar.org> wrote:
> In today's threat models, there is also the metadata angle to consider.
> Client certificates are exchanged before the TLS connection is encrypted.
> Therefore, any information in the client certificate is sent in the clear.

Note this is true of TLS 1.2 and earlier, but in TLS 1.3 client
certificates are sent encrypted.

However, short of an origin-bound certificate approach, client certificates
still represent an SOP-violating linkable identifier, and are therefore
undesirable from a privacy perspective.

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161115/1cf554e6/attachment.html>

More information about the cryptography mailing list