To anyone considering MITM certs, even for AV, etc.: By doing this, you are completely disabling the browser's ability to detect forgery.
@matolucina That's utterly awful and a huge new attack surface. WHY do people think ideas like this are respectable? https://twitter.com/matolucina/status/669537987634585601 …
@RichFelker Ah, but what if you (the user) own and thus trust the *proxy*, but don't own/trust/fully control the *browser*?
@matolucina Yes this happens with appliances with emb. browsers (think Chromecast) but fixing them isn't worth killing the whole trust model
@matolucina Ultimately the endpoint (browser box) has full control over what it trusts/does, and can circumvent anything short of mod'ing it
@matolucina The fix for malicious embedded endpoints is not to MITM them (they can stop this) but to mod or replace them with open hw/FOSS.