I kinda want to go into my local BofA branch and ask for their public key fingerprint and see the look on their faces
so you'd have to manually set an HSTS pin, the cert viewer UI wouldn't help against a well-written attack?
-
-
and last I checked, the cert viewer UI can show stale data even if the full current page was loaded with a diff. cert?
-
so browsers' cert UI is only useful for showing a CA's assurance of connection between domain name and org name
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.