https://bugs.kde.org/show_bug.cgi?id=415646
Bug ID: 415646
Summary: allow to view sha256 hash of unknown certificates
Product: Falkon
Version: 3.1.0
Platform: Other
OS: Linux
Status: REPORTED
Severity: major
Priority: NOR
Component: general
Assignee: now...@gmail.com
Reporter: estel...@elstel.org
Target Milestone: ---

If I visit a site with a self-signed certificate, or if a CA has not been preconfigured, I am prompted to accept the certificate of this site. However, there is no way to check the validity of such a certificate. This is normally done by comparing the sha256 hash of the cert in use against the hash of a known good cert. A known good cert hash can f.i. be retrieved via DANE:

$ drill a.root-servers.net +trusted-key=/usr/share/dns/root.key +topdown +sigchase TLSA _443._tcp.debian.org | egrep -v "^(;.*)?$"
_443._tcp.debian.org. 580 IN TLSA 3 1 1 5f33491e2b2d267f7bff096ad0dcb4ae5a22c0be19db0ab6728bed942f0719fc

It should be possible to view the sha256 hash of a cert before you accept it, and it should be possible to store such an exception permanently.

For certain use cases it is also necessary to disable all default CAs of libnss3 and to only allow a certain list of hand-picked certificates. There are some bad CAs issuing rogue certs among this list, and once you accept them your computer can get cracked in a fraction of a second.
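The comparison the reporter describes, worked through as an added example that is neither code from Falkon nor from the bug report: parse a TLSA record in the presentation format shown above, derive the data the record refers to (whole certificate for selector 0, SubjectPublicKeyInfo for selector 1), hash it according to the matching type, and compare. Only the Python standard library is used. The certificate it parses is a constructed toy DER structure built in the block (correct X.509 layout, meaningless key and signature), so it will not match the debian.org record quoted in the report; the function names and the `example.test` name are this example's own.

```python
"""Added example (not Falkon or bug-report code): check a certificate against a
DANE TLSA record.  Standard library only; the certificate is a constructed toy."""
import hashlib
import hmac
from typing import NamedTuple

# The TLSA record quoted in the bug report, in presentation format.
PAGE_TLSA_LINE = ("_443._tcp.debian.org. 580 IN TLSA 3 1 1 "
                  "5f33491e2b2d267f7bff096ad0dcb4ae5a22c0be19db0ab6728bed942f0719fc")


class TlsaRecord(NamedTuple):
    owner: str
    usage: int      # 0/1: PKIX-TA/EE, 2: DANE-TA, 3: DANE-EE (RFC 6698)
    selector: int   # 0: full certificate, 1: SubjectPublicKeyInfo
    mtype: int      # 0: exact bytes, 1: SHA-256, 2: SHA-512
    assoc_hex: str  # certificate association data, lowercase hex


def parse_tlsa_rr(line: str) -> TlsaRecord:
    """Parse one TLSA resource record as printed by drill/dig."""
    fields = line.split()
    i = fields.index("TLSA")
    usage, selector, mtype = (int(x) for x in fields[i + 1:i + 4])
    assoc_hex = "".join(fields[i + 4:]).lower()   # hex may be split by spaces
    return TlsaRecord(fields[0], usage, selector, mtype, assoc_hex)


# --- minimal DER encode/decode, just enough for the certificate skeleton ----

def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(content)) + content


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, position after this TLV) for buf[pos:]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def extract_spki(cert_der: bytes) -> bytes:
    """Return the DER SubjectPublicKeyInfo (header included) of a certificate
    by walking Certificate -> TBSCertificate."""
    _, cert, _ = _read_tlv(cert_der, 0)     # Certificate SEQUENCE
    _, tbs, _ = _read_tlv(cert, 0)          # tbsCertificate SEQUENCE
    pos = 0
    tag, _, nxt = _read_tlv(tbs, pos)
    if tag == 0xA0:                         # optional version [0] EXPLICIT
        pos = nxt
    for _ in range(5):   # serialNumber, signature, issuer, validity, subject
        _, _, pos = _read_tlv(tbs, pos)
    start = pos
    _, _, end = _read_tlv(tbs, pos)         # subjectPublicKeyInfo
    return tbs[start:end]


def _digest(data: bytes, mtype: int) -> bytes:
    if mtype == 0:
        return data
    if mtype == 1:
        return hashlib.sha256(data).digest()
    if mtype == 2:
        return hashlib.sha512(data).digest()
    raise ValueError(f"unknown TLSA matching type {mtype}")


def certificate_fingerprints(cert_der: bytes) -> dict:
    """The two SHA-256 values a certificate dialog would need to show."""
    return {"cert_sha256": hashlib.sha256(cert_der).hexdigest(),
            "spki_sha256": hashlib.sha256(extract_spki(cert_der)).hexdigest()}


def tlsa_matches(cert_der: bytes, rr: TlsaRecord) -> bool:
    """True if the end-entity certificate satisfies the TLSA record."""
    if rr.usage not in (1, 3):   # usages 0/2 constrain a CA cert in the chain
        raise NotImplementedError("only end-entity usages (1, 3) handled here")
    if rr.selector not in (0, 1):
        raise ValueError(f"unknown TLSA selector {rr.selector}")
    data = cert_der if rr.selector == 0 else extract_spki(cert_der)
    return hmac.compare_digest(_digest(data, rr.mtype), bytes.fromhex(rr.assoc_hex))


def build_toy_cert() -> bytes:
    """Constructed toy certificate: valid X.509 layout, meaningless key/signature."""
    alg = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")) + _der(0x05, b""))
    name = _der(0x30, _der(0x31, _der(0x30, _der(0x06, bytes.fromhex("550403"))
                                          + _der(0x0C, b"example.test"))))
    validity = _der(0x30, _der(0x17, b"240101000000Z") + _der(0x17, b"250101000000Z"))
    spki = _der(0x30, _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010101")) + _der(0x05, b""))
                + _der(0x03, b"\x00" + bytes.fromhex("3006020103020103")))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + alg + name + validity + name + spki)
    return _der(0x30, tbs + alg + _der(0x03, b"\x00" * 17))


if __name__ == "__main__":
    cert = build_toy_cert()
    print(certificate_fingerprints(cert))
    print("matches debian.org record:", tlsa_matches(cert, parse_tlsa_rr(PAGE_TLSA_LINE)))
```

Note the caveat the record above carries: its selector is 1, so the hash to compare is of the SubjectPublicKeyInfo, not of the whole certificate. A dialog that shows only the SHA-256 of the full certificate (selector 0) could never be checked against a `3 1 1` record; a useful "view hash" feature shows both, or states which one it shows.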