Could a server deliver single-use TLS certificates (signed by a sub-CA) in order to fingerprint clients? What would prevent this?
-
-
Replying to @jedisct1
What do you mean by deliver and where would the fingerprinting happen (passive network adversary or another request later to the server?)
1 reply 0 retweets 1 like -
Replying to @iangcarroll
Another request later to the server. The client is likely to reuse the previous, cached, but unique certificate.
1 reply 0 retweets 0 likes -
Replying to @jedisct1
Think I’m missing how you “re-use” a server certificate — session resumption, or? And how would a server detect such a re-use?
1 reply 0 retweets 1 like
Replying to @iangcarroll
Using the sub-CA. I’ll try to write a PoC.
6:25 AM - 20 Oct 2019
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.