[Openid-specs-fapi] Issue #184: Privacy implications of oauth-mtls due to tls 1.2 sending client certs unencrypted (openid/fapi)
issues-reply at bitbucket.org
Thu Nov 1 09:40:32 UTC 2018
New issue 184: Privacy implications of oauth-mtls due to tls 1.2 sending client certs unencrypted
This blog post has appeared recently:
Assuming it is correct, this seems to have implications for privacy when following the FAPI specs, particularly part 2. Probably mainly in the case where a mobile device is doing dynamic client registration. We should probably mention this privacy consideration.