> upgrading to mutual TLS within that TLS connection
I was excited about this, until I realized from the spec that it isn't actually tunneling TLS-in-TLS to avoid the broken-as-designed MITM boxes, it just sounds like it's using the same TLS stream that's already been compromised.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
Re: tokbind, mtls, tls 1.3's new dance
Date: 2022-05-16 09:46 pm (UTC)