i use https://www.grc.com/fingerprints.htm to verify certs on the client end to make sure i'm not being man in the middled. it would be awesome if this were available as a firefox and chrome plugin that automatically did a check for you and gave you a red or green light.
-- Daniel Sieradski d...@danielsieradski.com http://danielsieradski.com 315.889.1444 Follow me at http://twitter.com/selfagency Public key http://danielsieradski.com/share/ds_public.key On Jul 3, 2013, at 2:41 PM, coderman <coder...@gmail.com> wrote: > On Tue, Jul 2, 2013 at 10:01 AM, Ralph Holz <h...@net.in.tum.de> wrote: >>> DANE: https://tools.ietf.org/html/rfc6698 >>> CAA: https://tools.ietf.org/html/rfc6844 >>> .... >> I wonder whether that would have protected against the Comodo Hacker. It >> seems it depends when and from where the CAA checks are run. > > it would not. Comodo Hacker used the HSM programmatic interfaces > directly to issue certificates, thus bypassing any checks CAA would > imply. > > >> ... >> It's another reason I like DANE and CT better. > > fortunately you don't have to pick one; use both ;) > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at compa...@stanford.edu or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech
-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech