I kinda want to go into my local BofA branch and ask for their public key fingerprint and see the look on their faces
isn't that wrong? iirc both Chrome and FF permit loading same-origin data with different certs?
so you'd have to manually set an HSTS pin, the cert viewer UI wouldn't help against a well-written attack?
and last I checked, the cert viewer UI can show stale data even if the full current page was loaded with a diff. cert?