Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] comcast wifi question

> From: at [mailto:discuss-
> at] On Behalf Of Bill Ricker
> On Tue, Nov 11, 2014 at 6:50 PM, Richard Pieri <richard.pieri at>
> wrote:
> > Nutshell version: pinning is what SSH has been doing with host keys since
> > the get-go.
> Yes, that.
> ( Can't imagine why this wasn't done day 1 for HTTPS also unless they
> thought the initial set of CAs would have indefinite oligopoly. )

Maybe I missed your point - Pinning is impractical for two reasons, which is really one reason:  There's the initial trust issue, and a re-assertion of the initial trust issue every time the server changes their key.  It is normal for a server to change their cert from time to time, and it is also normal for a client to browse to this site for the first time.

It is funny, that Google, Apple, Mozilla all have these crazy ridiculous list of CA's that they trust.  And ironic that Microsoft is the only one who's reasonable.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /