PSA: Chrome changed its bypass keyword again, from badidea to thisisunsafe.
Show this thread
Why do I use it? Because I distrust most CAs I don't need. I would rather risk MITM by anyone for an odd reference site I don't care about once in a while (explicitly acking the risk with the keyword) than grant hundreds of CAs the authority to silently MITM me where it matters.
-
-
Of course, ideally the secure Web wouldn't be a backwards mess and untrusted/self-signed certs would merely be treated the same as HTTP, then I wouldn't need to do this.
Show this thread -
(I guess I'll no longer be reminded of
@0xabad1dea every time I come across a site with an oddball CA now!)Show this thread
End of conversation
New conversation -
-
-
I see I'm not the only one who does this. You remind me, I should go and check if I've gotten any new CAs added by the last few months of OS/browser patches...
-
On Gentoo, for OpenSSL stuff, I have a custom hook that uses a whitelist (not blacklist) of names to filter the ca-certificates package. NSS is separate, though, so yeah, I should check my Chrome certs list too...
End of conversation
New conversation -
-
-
Made considerably worse, I think, by the fact that all trusted CAs are allowed to sign certs for any domain. So if any one CA is compromised the entire card house collapses.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
If I had to ask why you use it, my question would be "why are you still using Chrome?"
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.