Ok. tweet thread time! Too long ago I promised to write a screed explaining how much I hated mutual-auth TLS and why. I got distracted, and I wasn't happy with the writing, so here it is in tweet thread form instead! But basically: Client certs and Mutual-Auth TLS is TERRIBAD.
-
Show this thread
Replying to @BRIAN_____
Your critique is totally fair in that I don't have much better to offer; signed requests are hard right now, especially DIY. I mainly encounter these issues as an "Apache SSL" person, so I naturally see only the worst issues but I feel like no other authz system has regexes!
7:08 PM - 29 Oct 2018
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.