@BRIAN_____ Ccorrupt the header from HTTP upgrades... Willing to bet that the majority of sites using it will use noticeably crap certs.
-
-
Replying to @sleevi_
@BRIAN_____ "But TLS1.3 will solve this!" Feels like a way for the transport folks to make an end run around the mixed content folks...1 reply 0 retweets 0 likes -
Replying to @sleevi_
@sleevi_@BRIAN_____ I'm all for opportunistic TLS without certificates. Maybe ECDHE_PSK with fixed key? Just don't have UI/API say secure.1 reply 0 retweets 0 likes -
Replying to @pzb
.
@pzb@BRIAN_____ Why not skip the theatre and help the web just migrate to real security (aka HTTPS://) The complexity/reward for OE is meh2 replies 1 retweet 2 likes -
Replying to @sleevi_
@sleevi_@BRIAN_____ "real" means buying a certificate, right? Protection against passive attacker is a real reward. (my opinion changed)1 reply 0 retweets 0 likes -
Replying to @pzb
@pzb@BRIAN_____ Except the attackers aren't passive - carriers are actively downgrading1 reply 1 retweet 0 likes -
Replying to @sleevi_
@sleevi_ what is your solution for authentication that doesn't cost $$$? /cc@BRIAN_____3 replies 0 retweets 0 likes -
Replying to @pzb
@pzb@sleevi_@BRIAN_____ you can use@CloudFlare's free Universal SSL service. It's awesome if you don't mind the MitM aspect ;)1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@sleevi_@BRIAN_____ Does@CloudFlare have backend TLS auth with non-publicly trusted certs?1 reply 0 retweets 0 likes -
Replying to @pzb
@pzb@sleevi_@BRIAN_____ I don't believe@CloudFlare offers an option for pinning to e.g. a self-signed public key unfortunately :(2 replies 0 retweets 0 likes
@pzb @sleevi_ @BRIAN_____ @CloudFlare pinning to self-signed keys would be nice, I believe I read somewhere it's supposed to be coming soon
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.