Could a server deliver single-use TLS certificates (signed by a sub-CA) in order to fingerprint clients? What would prevent this?
Another request later to the server. The client is likely to reuse the previous, cached, but unique certificate.
-
-
Think I’m missing how you “re-use” a server certificate — session resumption, or? And how would a server detect such a re-use?
-
Using the sub-CA. I’ll try to write a PoC.