Browsers that treat locally-added CA certs equivalent to builtin ones are complicit in malicious AV and firewall products' attacks on users.
@bmastenbrook Yes, but just making it clear to the user that the source of trust is a locally-installed CA would be even more helpful.
-
-
@richfelker don't disagree; I'm just pointing out that the current situation is also bad for legitimate local CA uses too -
@bmastenbrook Ah, yes, I agree completely then.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.