@BRIAN_____ how do you tell the difference?
-
-
-
@pzb Browsers already have a notion of built-in trust anchors vs. added trust anchors, so to a certain extent, they can already tell. -
@BRIAN_____@pzb no no no. Some browsers have some notion, which is error prone. -
-
@BRIAN_____@pzb _every_ distro has tampered with the root. SPI and CACert on Debian for the longest time, for example. -
-
@BRIAN_____@sleevi_@pzb no, *ware can mutate the Mozilla root store, just like Superfish installer -
New conversation -
-
-
@BRIAN_____ some AV software also MITMs so it can scan SSL. \o/ -
@deadsquid That's something that needs to change. The local system needs to be able to defend itself. AV proxies are too open to abuse. -
@BRIAN_____ no arguments; think it’s a horrible practice and abuse of trust.
End of conversation
New conversation -
-
-
@BRIAN_____ Of course, absolutely no on-device method needs to hijack SSL certs as hijacking can be done at a lower level, before encryptionThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.