I would very much like to hear that argument; I’m writing a survey of S2S auth schemes and one result is I’m rapidly falling out of love with TLS.
-
I’ll add to the chorus of curious to see that essay. What comes to mind is key management issues but access and secret keys have to be managed too.
-
Great idea. Would love to read that essay. Especially regarding the use cases: Is TLS mutual auth not a good idea ever? Or it is not a good idea in some cases? What cases would TLS mutual auth be useful for?
-
+1. I was recently encouraging people to avoid it on an internal list. Use of TLS mutual auth or rather client cert authN/Z usually is a sign of a missing richer API or transaction AAA scheme. Session security is conflated for transaction security. Unsafe pinning usually coexists