[bisq-network/proposals] API security (#69)

Florian Reimair notifications at github.com
Wed Jan 23 13:35:08 UTC 2019


now that I think of it, one could use certificate authentication instead of JWT

this has several advantages:
- mobile phones grow more and more towards offering an embedded secure element. I.e. a mobile phone can use its secure element to store the certificate
- does client authentication in TLS/SSL need to be a fully-fledged domain certificate? if so, one can just implement a challenge-response thingy for authentication
- certificate pinning can get your authentication sorted
- one can use the certificate pinning stuff for localhost access as well
- did I miss anything?

Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/proposals/issues/69#issuecomment-456803110
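The idea in the comment above (TLS client-certificate authentication combined with pinning), sketched as an added example that is not part of the original message or of the Bisq code base. It is written in Go using only the standard library; the names `SelfSignedCert`, `Pin` and `ServerConfig` are hypothetical, and the device key is a constructed in-memory key standing in for one held in a secure element.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// SelfSignedCert wraps a device key (any crypto.Signer) in a certificate with no CA and no domain name.
func SelfSignedCert(key crypto.Signer) ([]byte, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Minute),
		NotAfter: time.Now().Add(24 * time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
}

// Pin is the SHA-256 of the certificate's SubjectPublicKeyInfo, so re-issuing with the same key keeps it.
func Pin(der []byte) ([32]byte, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(cert.RawSubjectPublicKeyInfo), nil
}

// ServerConfig (server certificate omitted) requests any client certificate, skips CA chain
// validation and accepts only pinned keys; the TLS handshake proves possession of the key.
func ServerConfig(pins map[[32]byte]bool) *tls.Config {
	return &tls.Config{ClientAuth: tls.RequireAnyClientCert, MinVersion: tls.VersionTLS12,
		VerifyPeerCertificate: func(raw [][]byte, _ [][]*x509.Certificate) error {
			if len(raw) > 0 {
				if pin, err := Pin(raw[0]); err == nil && pins[pin] {
					return nil
				}
			}
			return fmt.Errorf("client certificate missing or its key is not pinned")
		}}
}

func main() {
	_, key, _ := ed25519.GenerateKey(rand.Reader) // constructed sample device key
	der, _ := SelfSignedCert(key)
	pin, _ := Pin(der)
	fmt.Println(ServerConfig(map[[32]byte]bool{pin: true}).VerifyPeerCertificate([][]byte{der}, nil))
}
```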