Is it possible for js running in the browser to query properties of the cert for the connection resources were retrieved over?
Obviously a MITM could replace the js even if it could, but it would make their lives much harder & foil the usual AV/ent crap.
-
-
Anyway, seems like this a feature we should be lobbying browser vendors for.
-
Lobby them to stop supporting interception via local certificate store for HPKP or at least add a way to opt-out.
- End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.