On Mon, Jan 12, 2009 at 2:02 AM, Jean-Marc Desperrier
<jmd...@alussinan.org> wrote:
> Daniel Stenberg wrote:
>>
>> [...]
>> I've been curious about how these devices deal with self-signed
>> certificates. Does anyone know?
>>
>> I mean does it hide them the same way or does it generate fake
>> self-signed ones for those?
>
> Hum, hum. So helping users detect MITM attacks could be as simple as telling
> them to go to "https://self-signed.mozilla.com" and telling them that if
> they get no warning then their https access is hijacked? ;-)

This assumes that the vendors haven't figured out how to put the CAs
that they want to proxy for in something like
OpenSSL_load_verify_locations().  However, this would normally also
create a proxy error, which would also be detectable by the
end-user... if they know how to interpret proxy result codes.

-Kyle H
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
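
The canary check discussed in this thread, as an added example that is not part of the original messages: a client probes a host known to serve a self-signed certificate and treats a successful verification as a sign of interception. The canary host is supplied by the caller (an assumption; the hostname in the thread was offered as a hypothetical), and the names `probe` and `classify` are illustrative.

```python
import socket
import ssl

# OpenSSL verify codes for self-signed certificates:
# 18 = DEPTH_ZERO_SELF_SIGNED_CERT, 19 = SELF_SIGNED_CERT_IN_CHAIN
SELF_SIGNED_CODES = {18, 19}


def classify(outcome, verify_code=None):
    """Map a probe outcome for a known self-signed canary host to a verdict."""
    if outcome == "verified":
        # A self-signed cert cannot chain to a trusted root, so something on
        # the path re-signed it with a CA that this client trusts.
        return "intercepted"
    if outcome == "verify_failed":
        if verify_code in SELF_SIGNED_CODES:
            return "clean"       # the expected warning reached the client
        return "suspicious"      # untrusted, but not a self-signed error
    return "inconclusive"        # proxy error, reset, DNS failure, ...


def probe(host, port=443, timeout=5.0):
    """Attempt a verified TLS handshake; return (outcome, verify_code)."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "verified", None
    except ssl.SSLCertVerificationError as exc:
        return "verify_failed", exc.verify_code
    except OSError:
        # Covers refused/reset connections and non-certificate TLS failures.
        return "error", None


if __name__ == "__main__":
    import sys
    host = sys.argv[1]  # canary host you control, serving a self-signed cert
    outcome, code = probe(host)
    print(host, outcome, code, "->", classify(outcome, code))
```

A "clean" verdict does not rule out a device that forges its own self-signed certificate for the canary, which is the case the first question in the thread asks about; telling those apart requires comparing the presented certificate against a fingerprint recorded out of band.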
