[cryptography] "best practices" for hostname validation when using JSSE
Jeffrey at goldmark.org
Fri Aug 9 16:40:11 EDT 2013
On Aug 9, 2013, at 1:49 PM, Tim Dierks <tim at dierks.org> wrote:
> the easiest thing to do is make sure the cert chains up to a root you trust (ideally not system-installed roots, because nobody knows how deep the sewage flows there
I recently had the opportunity to participate (as a relatively silent observer) in a conversion among people who did have an inkling of how deep the sewer flows there. I had known things were bad, but I had no idea of how bad.
Let’s just say I whole-heartedly endorse the idea of pinning your own roots in applications.
More information about the cryptography