Those are from TLS 1.3 people who are deliberately breaking compat to break the enterprise monitoring use case, right?
Ah yes, each time an HTTPS site is visited, click through to a screen where a user looks at a field ("Issued by") that is completely arbitrary and attacker-controlled. Got it. :) Perhaps you were being sarcastic, though, in which case I'll show myself to the door...
An obligatory blast from the past (I mean, who doesn't love the name "superfish"). But no, not suggesting reading dialog boxes en masse. If someone were sufficiently motivated, suppose I could envision a Chrome ext warning when connecting to a site signed by a non-built-in root.
Chrome leverages the OS-level root CA store. What distinguishes a built-in root vs. a user-installed root? And in Windows, the trusted root CA list grows with use of the system as well. For example, a clean Win10 install has a smaller list of trusted root CAs vs. one that's used.
that wasn't a suggestion, just a reminder of our recent past