fear not, mikey d is on it: http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate
due diligence aside, wats with dell and pfx files? https://support.software.dell.com/sonicwall-email-security/kb/sw10754 On Nov 25, 2015 10:39 AM, "Jeffrey Walton" <[email protected]> wrote: > On Wed, Nov 25, 2015 at 9:16 AM, Dave Howe > <[email protected]> wrote: > > On 25/11/2015 12:59, Florian Schütz wrote: > >> This is true for Chrome and, I think, for Firefox as well. Some > >> enterprises insist on MITMing TLS connections at a proxy, and at least > >> Chrome will not break this. They argue if they were to strictly > >> enforce Pins, people would just switch to a more permissive browser. I > >> agree with their line of thought. > > Yup. Firefox of course isn't aware of this Dell key, as it is in the > > windows keystore, so will fail to validate such a certificate.... > > Chrome will fall victim because they use the OS store > (http://www.chromium.org/Home/chromium-security/root-ca-policy)... > > Chrome will even break a known good pinset. Priorities of > Constituencies and all the other web/security model goodness > (http://www.w3.org/TR/html-design-principles/#priority-of-constituencies). > .. > > Jeff > _______________________________________________ > cryptography mailing list > [email protected] > http://lists.randombit.net/mailman/listinfo/cryptography >
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
