On 1/12/13 7:58 PM, Hannes Tschofenig wrote:
When you bring your own device (like I do), you get tired of clicking through red screens, so you finally download the MitM CA cert, and install it yourself in your trust anchor store. You do it anyway if you've decided to use Firefox.Am 01.12.13 17:49, schrieb Yoav Nir:pretty much every firewall around can now do the MitM thingFor those cases where the system administrator in an enterprise network installs a fake cert in your trust anchor store. For BYOD and other cases this is not possible since it would be indistingushable from an attack*.
The point is, that whether you do or you don't, the server has no say in the matter without the "strict" directive.
Yoav
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
