On 2011-09-08 22:12, Kevin Chadwick wrote:
On Thu, 08 Sep 2011 20:37:46 +0200
polishcode wrote:
On the other hand, Opera browser does not contain info on CA's. In order
to check a certificate path, it "consults" Opera's server, which is a
central (and the only one) place to hold such info.
Does it use a secure connection for this? Also what else is opera
transmitting, we have no idea as it is closed source?
Please refer to the link I supplied above:
http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2.
What else could it transmit? Everything or nothing.
Another thing is that I understand the blog post describes desktop
version of the browser. What about Opera mini/mobile? Hmmm, I am not
sure, but (only) suppose it should work the same way.
BR,
polishcode
--
You received this message because you are subscribed to the Google Groups "Android
Security Discussions" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/android-security-discuss?hl=en.
