@alexstamos @fugueish @newshtwit Real risk is from a forged SHA-1 cert. If attacker has one they'll use it to MitM and bypass cert switching
@alexstamos @fugueish @newshtwit What's the security value of preventing downgrade to a valid SHA-1 cert? The connection is no less secure.
@alexstamos @fugueish @newshtwit Which is why CAs need to STOP issuing SHA-1 certs, so it becomes impossible to create forgeries.