[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
On Sat, Sep 03, 2011 at 04:51:49PM -0400, ler762@xxxxxxxxx wrote 4.3K bytes in 111 lines about:
: My understanding is that the issue is common to all 'secured' web
: sites. HTTP is trivially subverted; HTTPS needs a valid cert or the
: user clicking past a "No, I don't care about my security; go there
: anyway" warning before it can be subverted.
Just a fine point here, treat SSL as encryption between you and
something on the other end, not as authentication of the other end (nor
you if have client certs installed).
--
Andrew
pgp key: 0x74ED336B
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk