This is a browser bug. Why are browsers not fixing it? Actually supporting custom CA certs at all is a browser bug. https://twitter.com/SwiftOnSecurity/status/668910972782772224 …
Replying to @RichFelker
Marc-Antoine Ruel Retweeted Ryan Sleevi
@RichFelker In short if you're owned, you're owned. If someone planted a cert they likely did a lot of other things https://twitter.com/sleevi_/status/668911789841608706?s=09 …
Replying to @marcaruel
@marcaruel @sleevi_ @SwiftOnSecurity @fugueish But ™ & © can make legal consequences for subverting the browser.
Replying to @RichFelker
@marcaruel @sleevi_ @SwiftOnSecurity @fugueish If Google or Moz had the will, they could make shipping security-stripped ver ™ violation.
Replying to @RichFelker
@RichFelker @marcaruel @SwiftOnSecurity @fugueish And for the case of many enterprises that have their enterprise trusted root?
Replying to @sleevi_
@sleevi_ @marcaruel @SwiftOnSecurity @fugueish They need to use a CA cert for domains they own, not the root.
Replying to @RichFelker
@RichFelker Sorry, that does not make any sense. Also think of AV inspection. In the end, 10 laws still apply. You own it or don't @marcaruel
Replying to @sleevi_
@sleevi_ @marcaruel MITM is NOT the solution for AV. You need AV on the endpoints. And pref. a priv. model that cripples viruses.
Replying to @RichFelker
@sleevi_ @marcaruel Ppl who do actual security and not snake-oil products know this.
Replying to @RichFelker
@RichFelker @marcaruel The MITM is *on* the Endpoint. It's the last bastion before code exec. This is user-initiated intentional self-MITM
@sleevi_ @marcaruel There are 2 types of MITM AV; on-endpoint and on-network. But both are the wrong design & subvert https trust.