I kinda want to go into my local BofA branch and ask for their public key fingerprint and see the look on their faces
-
-
I need to check it before I do my online banking, you see
2 replies 0 retweets 5 likes -
isn't that wrong? iirc both Chrome and FF permit loading same-origin data with different certs?
1 reply 0 retweets 0 likes -
so you'd have to manually set an HSTS pin, the cert viewer UI wouldn't help against a well-written attack?
1 reply 0 retweets 0 likes -
and last I checked, the cert viewer UI can show stale data even if the full current page was loaded with a diff. cert?
1 reply 0 retweets 0 likes
so browsers' cert UI is only useful for showing a CA's assurance of connection between domain name and org name
1:58 AM - 14 Feb 2017
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.