Lightweight alternatives to Google Analytics
Posted Jun 22, 2020 3:29 UTC (Mon) by pabs (subscriber, #43278)
In reply to: Lightweight alternatives to Google Analytics by anarcat
Parent article: Lightweight alternatives to Google Analytics
I guess if web browsers wanted to they could easily mitigate this by pinning each cert to the domain it was created for and only ever sending it to that domain.
Also, I wonder if the client cert is in the clear in the TLS handshake, or if Encrypted Client Hello (new name for ESNI) is needed to hide them.
Posted Jun 22, 2020 14:58 UTC (Mon) by anarcat (subscriber, #66354)
I suspect near-absolutely no one does this...
> I guess if web browsers wanted to they could easily mitigate this by pinning each cert to the domain it was created for and only ever sending it to that domain.
Assuming they cared about client certs at all...
> Also, I wonder if the client cert is in the clear in the TLS handshake, or if Encrypted Client Hello (new name for ESNI) is needed to hide them.
I would assume the worst. ;)
