TabTwo closed 9 years ago
What would that do?
Would it allow TLSA capable clients to detect if a MITM had occurred even if the MITMer had obtained a CA's key and created an otherwise valid cert for their proxying purposes?
There are a lot of ifs there!
I didn't say I thought it would be advantageous to most use cases :)
Are there any cases where it could be problematic?
No, for the same reason there are no actual cases where it would be useful. :)
@TabTwo: If you have a use case that I'm missing let me know, otherwise I will close this issue.
How about adding a TLSA entry for every website?