What do you mean by deliver and where would the fingerprinting happen (passive network adversary or another request later to the server?)
Another request later to the server. The client is likely to reuse the previous, cached, but unique certificate.
New conversation -
I think HSTS fingerprinting is already a thing, paired with single use subdomains
Yes, but HSTS is specific to HTTP.
New conversation -
Funnily enough I wrote about this in the privacy considerations for our delegated credentials draft https://tools.ietf.org/html/draft-ietf-tls-subcerts-03#section-5.3 …
^- answer is yes, and this is one reason that @torproject does not respect certificate pinning, because it could be used as a tracking technique.
New conversation -
Sounds kind of how token binding came about?
The client doesn't tell the server what cert it has received. TLS does have various resumption features which are effectively "cookie-like".
The client does tell the server what cert it received, usually when the cert validation fails. In https://tools.ietf.org/html/draft-ietf-tls-subcerts-03#section-5.3 …, the server can probe clients with certs having different validity. Another case is with HPKP, where a server has a report uri and can use different certs.
New conversation -
I would bet that it works perfectly. I came across Firefox validation issues that are triggered by Firefox certificate caching: it favors certificates in the cache over the one received by the server.