What is the most effective way to protect users against a compelled
fake certificate attack? Since any CA can issue any cert and any
US-based CA could probably be compelled to issue a fake CA, how can we
protect against this?

My initial thought would be to publish the certificate fingerprint on
a website and encourage users to verify that what they have matches
every now and then. But this is a huge hassle for users.

Are there any better ways?

Thanks!
Anthony
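
The fingerprint check described in the message above, as an added example that is not part of the original post: it hashes the DER certificate a server presents and compares it with a fingerprint obtained out of band. The function names and the stand-in certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl

# Constructed stand-ins for DER certificate bytes (not real certificates).
GENUINE_DER = b"constructed stand-in: the site's own DER certificate"
SUBSTITUTE_DER = b"constructed stand-in: a certificate issued by another CA"


def fingerprint(der_cert):
    """SHA-256 over the DER encoding of the leaf certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def format_fingerprint(hexdigits):
    """Render as colon-separated upper-case pairs, the form most browsers show."""
    pairs = (hexdigits[i:i + 2] for i in range(0, len(hexdigits), 2))
    return ":".join(pairs).upper()


def normalize_fingerprint(text):
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex and return lowercase hex."""
    hexdigits = "".join(ch for ch in text if ch not in ": \t\r\n").lower()
    if len(hexdigits) != 64 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hexdigits


def matches_published(der_cert, published):
    """True only if the presented certificate is exactly the published one.

    A certificate for the same name from any other CA hashes differently,
    so it fails here even when it chains to a trusted root.
    """
    return hmac.compare_digest(fingerprint(der_cert),
                               normalize_fingerprint(published))


def fetch_der(host, port=443):
    """Fetch the certificate a live server presents (needs network access)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


if __name__ == "__main__":
    published = format_fingerprint(fingerprint(GENUINE_DER))
    print("published fingerprint:", published)
    print("genuine matches:   ", matches_published(GENUINE_DER, published))
    print("substitute matches:", matches_published(SUBSTITUTE_DER, published))
```

The comparison is only as trustworthy as the channel the published fingerprint came through, and it has to be updated whenever the site rotates its certificate.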