Re: Avoiding HTTPS pitfalls [was: Re: Moxie Marlinspike]



On Mon, Feb 23, 2009 at 12:04 PM, Fran Litterio <flitterio@xxxxxxxxx> wrote:
> ...
> This is ok, but I'd also like to be alerted when the certificate changes for
> a site that I regularly visit.

yes.

Tyler's suggestion is a good one.  if you want the certs themselves
authenticated you get to manage them yourself too.  remove all CAs by
nuking libnssckbi.so and only add back those you've authenticated and
trust.

sadly, this is beyond the skills of most people. the PKI cartel lives
another day... :P

best regards,
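
The certificate-change alert asked for in the quoted message can be sketched as a trust-on-first-use pin store. This is an added example, not part of the original message or of any browser's code; the function names, the JSON store format and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib, hmac, json, os, ssl, tempfile

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded leaf certificate."""
    return hashlib.sha256(der).hexdigest()

def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the leaf certificate with no CA validation; the pin is the trust anchor."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def _load(path: str) -> dict:
    if not os.path.exists(path):
        return {}
    with open(path) as f:
        return json.load(f)

def _save(path: str, pins: dict) -> None:
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        json.dump(pins, f, indent=2, sort_keys=True)
    os.replace(tmp, path)  # atomic, so a crash cannot leave a half-written store

def check_pin(path: str, site: str, der: bytes) -> str:
    """Return 'first-seen', 'unchanged' or 'changed'; a changed pin is never overwritten here."""
    pins, seen = _load(path), fingerprint(der)
    if site not in pins:
        pins[site] = seen  # first use is unauthenticated: verify out of band
        _save(path, pins)
        return "first-seen"
    return "unchanged" if hmac.compare_digest(pins[site], seen) else "changed"

def repin(path: str, site: str, der: bytes) -> None:
    """Accept a new certificate after the user has verified it out of band."""
    pins = _load(path)
    pins[site] = fingerprint(der)
    _save(path, pins)

def demo() -> list:
    old, new = b"constructed-cert-A", b"constructed-cert-B"  # constructed stand-ins for DER bytes
    with tempfile.TemporaryDirectory() as d:
        p, site = os.path.join(d, "pins.json"), "www.example.com:443"
        out = [check_pin(p, site, old), check_pin(p, site, old),
               check_pin(p, site, new), check_pin(p, site, new)]
        repin(p, site, new)
        return out + [check_pin(p, site, new), check_pin(p, site, old)]

if __name__ == "__main__":
    print(demo())
```

Against a live site, pass `fetch_der(host)` as the `der` argument; a `changed` result stays `changed` on every later check until `repin` is called explicitly.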