What's up with the anti-https shills?

lol I never realised I'm actually on some other site this entire time

use tor / the direct ip if you want to avoid MITMflare.

No, this is default, and actually needed to keep safe, so 99,99% of cases.

I'm not sure I understand. What is your rationale?

Different user. Certificate pinning, I suppose, so even an entity like a certificate authority cannot arbitrarily craft new certs to mount attacks against specific people, but this kind of shit is rather something that concerns people like Assange, so I can't see how it is necessary for ordinary people. Correct me if I'm wrong though.

Oh yeah, let's throw real security out the window because "it only concerns Assange". A CA could MITM 1 million bank users until someone notices. If these people had the actual public key of their bank instead of some vague bullshit (domain name), this wouldn't be a possible attack.

It doesn't matter, what I described was the most simple example of the attack. No matter how you slice it, this attack will always exist as long as we use fake crypto like relying on X509 to tell us what "the real public key" is.

Did you not read the post you replied to? Certificate pinning aims to help solve that issue.

Certificate pinning is a very shitty solution.

What about certificate transparency?

...