The proposals I’m talking about were suggested by people who wanted to *stop* enterprise people from using static keys (even though it was allowed by the spec), but basically the rest is correct.
-
ah, right. I get FF & Chrome policies reversed. Ftr, I'm not at all suggesting this is a good idea, but /if/ someone were to do this, maybe a web service periodically updated with published OS cert lists could seed it? But really, just, no.
-
There was some work put into frameworks where browsers would compare certificates presented to you by websites vs. what other folks were seeing (and compared via fingerprints, as opposed to forgeable human-readable names). https://en.wikipedia.org/wiki/Convergence_(SSL) … Sadly, they've been abandoned.