Because they create a CA that is installed in your trusted root and set to fully-trusted for certificates of any purpose. It can generate MITM certs for any site, sign any binary, etc. Why not just a self-signed non-CA?
-
Am I correct in understanding that the problem being solved here is HTTPS communication with localhost? Because if so, who is the would-be attacker?
-
They want to avoid mixed-content warnings in browsers. There is no network attacker in the current implementation.
-
Correct. I'm referring to privacy, not security.
-
Isn't the problem that the Blizzard CA is being trusted as a root? Malware could find the private key, then set up a MITM for a bank and the browser would look like everything is secure? All without the malware having admin privileges?