[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

On Sat, Sep 03, 2011 at 04:51:49PM -0400, ler762@xxxxxxxxx wrote 4.3K bytes in 111 lines about:
: My understanding is that the issue is common to all 'secured' web
: sites.   HTTP is trivially subverted; HTTPS needs a valid cert or the
: user clicking past a "No, I don't care about my security; go there
: anyway" warning before it can be subverted.

Just a fine point here, treat SSL as encryption between you and
something on the other end, not as authentication of the other end (nor
you if have client certs installed).

pgp key: 0x74ED336B
tor-talk mailing list