This is a browser bug. Why are browsers not fixing it? Actually supporting custom CA certs at all is a browser bug. https://twitter.com/SwiftOnSecurity/status/668910972782772224 …
@marcaruel @sleevi_ @SwiftOnSecurity @fugueish But ™ & © can make legal consequences for subverting the browser.
@marcaruel @sleevi_ @SwiftOnSecurity @fugueish If Google or Moz had the will, they could make shipping security-stripped ver ™ violation.
@RichFelker @marcaruel @SwiftOnSecurity @fugueish And for the case of many enterprises that have their enterprise trusted root?
@sleevi_ @marcaruel @SwiftOnSecurity @fugueish They need to use a CA cert for domains they own, not the root.
@RichFelker Sorry, that does not make any sense. Also think of AV inspection. In the end, 10 laws still apply. You own it or don't @marcaruel
@sleevi_ @marcaruel MITM is NOT the solution for AV. You need AV on the endpoints. And pref. a priv. model that cripples viruses.
@sleevi_ @marcaruel Ppl who do actual security and not snake-oil products know this.
@RichFelker @marcaruel The MITM is *on* the Endpoint. It's the last bastion before code exec. This is user-initiated intentional self-MITM
@sleevi_ @marcaruel There are 2 types of MITM AV; on-endpoint and on-network. But both are the wrong design & subvert https trust.