<p dir="ltr">fear not, mikey d is on it:   </p>
<p dir="ltr"><a href="http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate">http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate</a></p>
<p dir="ltr">due diligence aside, wats with dell and pfx files?</p>
<p dir="ltr"><a href="https://support.software.dell.com/sonicwall-email-security/kb/sw10754">https://support.software.dell.com/sonicwall-email-security/kb/sw10754</a></p>
<div class="gmail_quote">On Nov 25, 2015 10:39 AM, "Jeffrey Walton" <<a href="mailto:noloader@gmail.com">noloader@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Wed, Nov 25, 2015 at 9:16 AM, Dave Howe<br>
<<a href="mailto:davehowe.pentesting@gmail.com">davehowe.pentesting@gmail.com</a>> wrote:<br>
> On 25/11/2015 12:59, Florian Schütz wrote:<br>
>> This is true for Chrome and, I think, for Firefox as well. Some<br>
>> enterprises insist on MITMing TLS connections at a proxy, and at least<br>
>> Chrome will not break this. They argue if they were to strictly<br>
>> enforce Pins, people would just switch to a more permissive browser. I<br>
>> agree with their line of thought.<br>
> Yup. Firefox of course isn't aware of this Dell key, as it is in the<br>
> windows keystore, so will fail to validate such a certificate....<br>
<br>
Chrome will fall victim because they use the OS store<br>
(<a href="http://www.chromium.org/Home/chromium-security/root-ca-policy)." rel="noreferrer" target="_blank">http://www.chromium.org/Home/chromium-security/root-ca-policy).</a>..<br>
<br>
Chrome will even break a known good pinset. Priorities of<br>
Constituencies and all the other web/security model goodness<br>
(<a href="http://www.w3.org/TR/html-design-principles/#priority-of-constituencies)." rel="noreferrer" target="_blank">http://www.w3.org/TR/html-design-principles/#priority-of-constituencies).</a>..<br>
<br>
Jeff<br>
_______________________________________________<br>
cryptography mailing list<br>
<a href="mailto:cryptography@randombit.net">cryptography@randombit.net</a><br>
<a href="http://lists.randombit.net/mailman/listinfo/cryptography" rel="noreferrer" target="_blank">http://lists.randombit.net/mailman/listinfo/cryptography</a><br>
</blockquote></div>