[AusNOG] From across the ditch
Scott Howard
scott at doc.net.au
Thu Apr 25 13:35:00 EST 2013
On Wed, Apr 24, 2013 at 7:14 PM, Shain Singh <shain.singh at gmail.com> wrote:
> > The encryption stuff as noted in the article (surely it's wrong?) is
> both insane and impossible, for all practical purposes - not to mention
> highly undesirable.
>
> What if I was to buy a root CA, wait for it to be updated in all
> browsers, then hand you a certificate for *.facebook.com on the fly?
>
I believe that's covered by the "insane" comment.
If you'd used *.google.com as the sample domain, it would be impossible
(due to Chrome/Firefox'es built in HSTS cache, including CA).
Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130424/03321fc8/attachment.html>
More information about the AusNOG
mailing list