Ok. tweet thread time! Too long ago I promised to write a screed explaining how much I hated mutual-auth TLS and why. I got distracted, and I wasn't happy with the writing, so here it is in tweet thread form instead! But basically: Client certs and Mutual-Auth TLS is TERRIBAD.
I take your point, but are you seriously be replying to "the wrong tool for the job" with a link to ... PHP?
-
-
I've had this conversation many times in the past year or so, so to save us both time, can I just link to the most succinct discussion instead of engaging in a rehash?
-
("This conversation" meaning "General disdain for PHP especially from security professionals".)https://github.com/google/tink/issues/104 …
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.