DOD has their own root certificate so that they control the keys to it. If you control a root certificate installed on a machine because of the chain of trust you control that machines ability to identify what it's connecting to.
Someone told me on here that it was deliberate — that they self-sign their certs for some technical security reason that I did not quite grasp. E.g. not negligence but a peculiar way of doing IT security. Or something.
-
-
-
The DOD doesn't trust a 3rd party company to secure their connections (as happens with most websites) so they have to use their own. Equally you can install the DODs root certificate, but then they have the ability to imitate any server you may be connecting to.
End of conversation
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.