|
Full Disclosure
mailing list archives
Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates
From: Arshad Noor <arshad.noor () strongauth com>
Date: Fri, 7 Sep 2007 10:04:53 -0400 (EDT)
Alex,
Do you presume that the websites in the domains that you intend
to track users will install the self-signed CA certificate that
issued the client-certificate to the unsuspecting user? If not,
how will the browser know which client certificate to send to
the website during client-auth? And what happens to the users
who do not have have client-certs issued by this CA when they
attempt to connect to the site?
Arshad Noor
StrongAuth, Inc.
----- Original Message -----
From: "Alexander Klink" <a.klink () cynops de>
Tracking visitors in an unnoticed way over several domains is typically
not as easy as this, I believe.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates, (continued)
Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates Peter Besenbruch (Sep 07)
Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates niclas (Sep 09)
|
Intro
