NSS Trust Bits for AOL root cert?

2014-10-24 Thread Daniel Roesler
Howdy all, I'm trying to understand the trust flags in the root CA list[1]. According to Bug #605187[2], the AOL root cert[3] should be removed. However, it is still in the list and all the flags on it appear to be the same as the DigiCert EV cert[4], which is the root cert used by mxr.mozill

Re: "Cert spam", or certs with huge numbers of hosts.

2014-10-24 Thread fhw843
The other way to have a MITM situation is if the CloudFlare network becomes compromised. The amount of damage a hacker can inflict is significantly greater now because of both the Universal SSL and Keyless SSL offerings. To your issue, John, are you requesting a change to the Firefox UI or is

Re: "Cert spam", or certs with huge numbers of hosts.

2014-10-24 Thread John Nagle
On 10/24/2014 06:14 AM, Hubert Kario wrote: On Thursday 23 October 2014 14:30:59 John Nagle wrote: To use Cloudflare you need to transfer the domain to Cloudflare. So it's hardly a MITM. It's a forward proxy service. Not quite. You have to aim the DNS at Cloudflare, not transfer the owner

Re: "Cert spam", or certs with huge numbers of hosts.

2014-10-24 Thread Hubert Kario
On Thursday 23 October 2014 14:30:59 John Nagle wrote: > On 10/23/2014 02:00 PM, Richard Barnes wrote: > illa and the CA/Browser Forum. > > > And I suspect it is related to this: > > http://blog.cloudflare.com/introducing-universal-ssl/ > > You're probably right. What Cloudflare provides by

Re: "Cert spam", or certs with huge numbers of hosts.

2014-10-24 Thread Peter Gutmann
John Nagle writes: >There's a real risk here. A break-in at any of those sites allows >impersonating all of them. This creates a huge attack surface. It's actually a lot worse than that, see "Virtual Host Confusion: Weaknesses and Exploits" by Antoine Delignat-Lavaud and Karthikeyan Bhargavan