Would OWASP be interested in publishing a guide on how to do cross-organization mTLS? #991
Comments
|
Sure. Not sure if it's best here or as part of the cheat sheet series. Lemme see if I can drum up some other input. |
|
Agree that this sounds like a good Cheat Sheet! Maybe there's even one where this could fit in already? |
|
@MarkSRobinson - Would you mind bring this up as an issue for the OWASP Cheat Sheet Series at https://github.com/OWASP/CheatSheetSeries/issues ? I am both a contributor and reviewer of Cheat Sheets and I think this would be more appropriate there. Thanks. |
|
There is a discussion in the IETF UTA wg about writing specs for mTLS which is missing. |
|
@kwwall Good idea - OWASP/CheatSheetSeries#1492 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've been working with cross-organization mTLS for quite a while and the standard guidance (just do whatever you want) is remarkably terrible.
Would OWASP be interested in publishing a guide on how to do it right that focuses on security, operations, and not emailing certificates around?
The text was updated successfully, but these errors were encountered: