I've been working with cross-organization mTLS for quite a while and the standard guidance (just do whatever you want) is remarkably terrible.
Would OWASP be interested in publishing a guide on how to do it right that focuses on security, operations, and not emailing certificates around?
Sure. Not sure if it's best here or as part of the cheat sheet series. Lemme see if I can drum up some other input.
Agree that this sounds like a good Cheat Sheet! Maybe there's even one where this could fit in already?
@MarkSRobinson - Would you mind bringing this up as an issue for the OWASP Cheat Sheet Series at https://github.com/OWASP/CheatSheetSeries/issues ? I am both a contributor and reviewer of Cheat Sheets and I think this would be more appropriate there. Thanks.
There is a discussion in the IETF UTA wg about writing specs for mTLS which is missing.
@kwwall Good idea - OWASP/CheatSheetSeries#1492