WGLC Issue: Watson #63

Closed
seanturner opened this issue Jun 16, 2020 · 1 comment

@seanturner
Contributor

I've implemented earlier drafts. I do have a concern with the validate API as presented in the draft: it treats empty authenticators as valid, and then returns the identity as a certificate chain that must be validated by the application. Similar APIs have led to easily foreseeable pwnage. Instead I would recommend the validate API carry out X509 validation against a trust store or validation function and treat the empty authenticator as invalid. That way someone has to think before not checking the certificate returned.
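
The API-design concern raised in the comment above, as an added example that is not part of the original issue, the draft, or any TLS library: a simplified Python model contrasting a validate call that accepts an empty authenticator and returns an unchecked chain with one that rejects empty input and requires a chain-validation function. All names (`Authenticator`, `validate_fail_open`, `validate_fail_closed`, `chain_is_trusted`) and the byte strings standing in for certificates are assumptions constructed for illustration.

```python
# Added illustration: a simplified model, not the draft's API or a TLS library.
from dataclasses import dataclass
from typing import Callable, Sequence

class AuthenticatorError(Exception):
    """Raised when an authenticator must not be accepted."""

@dataclass(frozen=True)
class Authenticator:
    cert_chain: Sequence[bytes]  # empty tuple models the "empty authenticator"
    integrity_ok: bool = True    # stands in for the signature/MAC checks

def validate_fail_open(auth: Authenticator) -> Sequence[bytes]:
    """Shape the comment objects to: empty passes, chain is returned unchecked."""
    if not auth.integrity_ok:
        raise AuthenticatorError("integrity check failed")
    return auth.cert_chain  # may be empty, and is untrusted either way

def validate_fail_closed(auth: Authenticator,
                         verify_chain: Callable[[Sequence[bytes]], bool]) -> Sequence[bytes]:
    """Shape the comment recommends: the trust decision is made inside validate."""
    if not auth.integrity_ok:
        raise AuthenticatorError("integrity check failed")
    if not auth.cert_chain:
        raise AuthenticatorError("empty authenticator")
    if not verify_chain(auth.cert_chain):
        raise AuthenticatorError("certificate chain not trusted")
    return auth.cert_chain

def accepts(validate: Callable[..., Sequence[bytes]], auth: Authenticator, *args) -> bool:
    """A caller that only checks that validate did not raise (the easy mistake)."""
    try:
        validate(auth, *args)
        return True
    except AuthenticatorError:
        return False

# Constructed sample data; byte strings stand in for DER certificates.
TRUST_STORE = {b"constructed-root-A"}

def chain_is_trusted(chain: Sequence[bytes]) -> bool:
    # Hypothetical stand-in for real X.509 path validation against a trust store.
    return chain[-1] in TRUST_STORE

EMPTY = Authenticator(cert_chain=())
ROGUE = Authenticator(cert_chain=(b"leaf-x", b"constructed-root-Z"))
GOOD = Authenticator(cert_chain=(b"leaf-a", b"constructed-root-A"))
```

With the fail-open shape, a caller that forgets the follow-up certificate check accepts both `EMPTY` and `ROGUE`; with the fail-closed shape the same caller accepts only `GOOD`.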

@seanturner changed the title from "WGLC Issue: Watsson" to "WGLC Issue: Watson" on Jun 16, 2020
grittygrease added a commit that referenced this issue Jun 23, 2020
grittygrease added a commit that referenced this issue Jun 26, 2020
@seanturner
Contributor Author

Closing this out as it was addressed.
