In the context of TLS, what can be done to detect a MITM by *subdomain1.example.com* of *example.com*?
Can the TLS checks fail (assuming cname contains wildcard)? Let's say public key pinning isn't used. I could think of *blacklistedSubjectAlternativeName* such that they serve as an overriding *blacklist of SANs*. This may reinforce:
- explicit intent
- protection against insider compromise/threats
- undermine a controlling entity's *theoretical* powers
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
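
Added example, not part of the original message: a sketch of certificate hostname checking that shows why a wildcard SAN passes for any single-label subdomain, and how an overriding exclusion list in the spirit of the *blacklistedSubjectAlternativeName* idea in the message would change the outcome. The exclusion list is hypothetical and follows only the message's proposal; the function names and the host `payments.example.com` are constructed for illustration.

```python
# Added illustration. The excluded-SAN list is hypothetical: it models the
# proposal in the message, not an existing certificate field.

def wildcard_match(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the whole left-most
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two literal labels after the wildcard ("*.com" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def check_host(host, sans, excluded_sans=()):
    """Return (accepted, reason). An exclusion entry overrides any SAN match."""
    for ex in excluded_sans:
        if wildcard_match(ex, host):
            return False, f"excluded by {ex}"
    for san in sans:
        if wildcard_match(san, host):
            return True, f"matched {san}"
    return False, "no SAN matched"


if __name__ == "__main__":
    sans = ["*.example.com"]                    # constructed certificate SANs
    excluded = ["payments.example.com"]         # constructed, hypothetical exclusion
    for name in ("subdomain1.example.com", "example.com",
                 "a.b.example.com", "payments.example.com"):
        print(name, check_host(name, sans, excluded))
```

Without the exclusion list, the wildcard entry is accepted for every single-label name under `example.com`, so ordinary hostname validation alone does not distinguish one holder of the wildcard key from another.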