@CodingExon That is, MITM software is exempted. Pros and cons of that, but certainly helps users. Could consider it... // @BRIAN_____
Replying to @sleevi_
@sleevi_ @CodingExon I was wondering about that when I read the code last week.
Replying to @BRIAN_____
@BRIAN_____ @CodingExon Same basic philosophy as HPKP bypass, with serious pain learned from MD5 deprecation. Not ideal, but seems necessary
Replying to @sleevi_
@sleevi_ @CodingExon OTOH, that would mean that if you trust any non-built-in cert, you have nearly zero protection from collision attacks.
Replying to @BRIAN_____
@sleevi_ @CodingExon I'm probably overstating that for the general case. But, it's probably true for many "I'll sign anything" MitM proxies.
Replying to @BRIAN_____
@BRIAN_____ @sleevi_ @CodingExon MITM proxies do not sign public keys from random users.
Replying to @yuhong2
@yuhong2 @BRIAN_____ @CodingExon Subject & extns are usually copied over verbatim
Replying to @sleevi_
@sleevi_ @yuhong2 @CodingExon If so then deploying Must-Staple will have similar problems (as mentioned on the TLS list way back).
Replying to @sleevi_
@sleevi_ @BRIAN_____ @yuhong2 @CodingExon you expect MITM to just copy must-staple extension blindly?
@pzb @sleevi_ @yuhong2 @CodingExon Yes: https://www.ietf.org/mail-archive/web/tls/current/msg12785.html …