PSA: Chrome changed its bypass keyword again, from badidea to thisisunsafe.
Show this thread
-
Why do I use it? Because I distrust most CAs I don't need. I would rather risk MITM by anyone for an odd reference site I don't care about once in a while (explicitly acking the risk with the keyword) than grant hundreds of CAs the authority to silently MITM me where it matters.
Show this thread
Of course, ideally the secure Web wouldn't be a backwards mess and untrusted/self-signed certs would merely be treated the same as HTTP, then I wouldn't need to do this.
-
-
(I guess I'll no longer be reminded of
@0xabad1dea every time I come across a site with an oddball CA now!)Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
*monkey's paw curls* they're now treated the same, but not the way you wanted
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
I would love to have a state where all WAN traffic is encrypted by default (block outbound port 80 at the border), then just have an indicator showing the level of trust associated with the key
-
And make this overridable: for example, if you trust a particular self-signed cert you can pin that key as legit without the overhead of setting up a private PKI just to run the admin page on some embedded gizmo
- Show replies
New conversation -
-
-
Look into what the beaker browser is doing with Dat. URL is a public key so no worries about certificate authenticity.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.