-
-
Replying to @tehjh
@tehjh Let http://example.com get an intermediate cert with the ability to generate trusted certs for any .example.com host2 replies 0 retweets 0 likes -
Replying to @jruderman
@jruderman Where http://example.com is the router manufacturer? (The scenario I have in mind is cheap routers in home networks.)1 reply 0 retweets 0 likes -
Replying to @jruderman
@tehjh Assuming you have a secure connection to your router, sending a TTL=1 packet might be enough to ensure only your router responds?1 reply 0 retweets 0 likes -
Replying to @jruderman
@jruderman And then allow all features over HTTP, you mean? Hm, yes, might work. I'm not sure whether you can set TTL without admin access.1 reply 0 retweets 0 likes -
Replying to @jruderman
@jruderman Selfsigned sounds dangerous, don't want to let every router MITM its users anywhere. Cool, didn't know traceroute is non-setuid.2 replies 0 retweets 0 likes
@jruderman What if the user does not actually intend to connect to his router?
-
-
Replying to @jruderman
@jruderman I was thinking about wanting to connect to gmail over an untrusted wifi network or so :P0 replies 0 retweets 0 likes
End of conversation
New conversation
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.