> From: Bill Ricker [mailto:bill.n1...@gmail.com] > > tl;dr - Google HTTPS *is* safe from MITM but *only* with Chrome so > far. Rest of HTTPS not as much.
I'm not following you here. > If the hacker with control of the WiFi AP is working for an > organization with control of any of the many Root CA certs built into Careful there. While it's true that anybody can successfully perform MITM who has control of a root CA that's trusted by your browser, *and* it's been known to occur in reality sometimes, it is somewhat rare and unusual. Default root CA lists in modern OSes and browsers don't include China Post, or whatever you said, and other such sketchy CA's. _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
