Search Mailing List Archives
[liberationtech] How to protect users from compelled fake ssl certs?
anthony at cajuntechie.org
Mon Jul 1 20:51:26 PDT 2013
What is the most effective way to protect users against a compelled
fake certificate attack? Since any CA can issue any cert and any US
based CA could probably be compelled to issue a fake CA, how can we
protect against this?
My initial thought would be to publish the certificate fingerprint on
a website and encourage users to verify that what they have matches
every now and then. But this is a huge hassle for users.
Are there any better ways?
Sent from my mobile device
More information about the liberationtech