[cryptography] This is bad. This is really bad. (Isn't it?)

Dave Howe davehowe.pentesting at gmail.com
Wed Nov 25 09:16:23 EST 2015


On 25/11/2015 12:59, Florian Schütz wrote:
> This is true for Chrome and, I think, for Firefox as well. Some
> enterprises insist on MITMing TLS connections at a proxy, and at least
> Chrome will not break this. They argue if they were to strictly
> enforce Pins, people would just switch to a more permissive browser. I
> agree with their line of thought.
Yup. Firefox of course isn't aware of this Dell key, as it is in the
Windows keystore, so will fail to validate such a certificate...



