[liberationtech] How to protect users from compelled fake ssl certs?

Anthony Papillion anthony at
Mon Jul 1 20:51:26 PDT 2013

What is the most effective way to protect users against a compelled  
fake certificate attack? Since any CA can issue any cert and any US-based
CA could probably be compelled to issue a fake CA, how can we
protect against this?

My initial thought would be to publish the certificate fingerprint on  
a website and encourage users to verify that what they have matches  
every now and then. But this is a huge hassle for users.

Are there any better ways?


Sent from my mobile device
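
The fingerprint comparison described in the message above can be done by a client instead of by hand. This is an added example, not part of the original post: the function names and the byte strings standing in for DER certificates are constructed for illustration, and it assumes the published fingerprint reached the user over a channel that does not depend on the certificate being checked.

```python
import hashlib
import socket
import ssl

def normalize_fingerprint(text):
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return lowercase hex."""
    hexdigits = text.replace(":", "").replace(" ", "").strip().lower()
    if len(hexdigits) != 64 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError("not a SHA-256 fingerprint: %r" % text)
    return hexdigits

def fingerprint(der_bytes):
    """SHA-256 over the DER-encoded certificate."""
    return hashlib.sha256(der_bytes).hexdigest()

def matches_published(der_bytes, published):
    """True only if the presented certificate is one the operator published."""
    return fingerprint(der_bytes) in {normalize_fingerprint(p) for p in published}

def fetch_leaf_der(host, port=443, timeout=10):
    """Return the DER certificate the server presents (needs network access).

    The default context still performs normal CA chain validation, which a
    certificate issued by any trusted CA would pass; the fingerprint check
    is an additional test on top of it.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

# Constructed stand-ins for DER certificates (not real certificates).
GENUINE_DER = b"constructed-der-bytes-of-the-site-certificate"
SUBSTITUTE_DER = b"constructed-der-bytes-of-a-ca-issued-substitute"

# What the operator would publish, in the colon-separated display format.
_hex = fingerprint(GENUINE_DER).upper()
PUBLISHED = [":".join(_hex[i:i + 2] for i in range(0, 64, 2))]

if __name__ == "__main__":
    print("genuine   :", matches_published(GENUINE_DER, PUBLISHED))
    print("substitute:", matches_published(SUBSTITUTE_DER, PUBLISHED))
```

Against a live server, pass the result of `fetch_leaf_der(host)` to `matches_published` with the operator's published list; publishing the fingerprint of the next certificate ahead of a renewal keeps the check from failing on a legitimate rotation.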
