On 12/12/17 16:37, Peter Wemm wrote:
> I think you're missing the point. It is a sad reality that SSL/TLS corporate (and ISP) MITM exists and is enforced on a larger scale than we'd like. But it is there, and when mandated/enforced you have to go through the MITM appliance, or not connect at all. Private CAs generally break those appliances - an unfortunate FreeBSD user in this situation is cut off. How is this better?
This is certainly better for users because it informs the user. Now he has a choice: to use a special override key to use MITMed https anyway, or to refuse, whereas with http he is not informed.
Yuri
