- From: Serge Egelman <egelman@cs.cmu.edu>
- Date: Wed, 23 Jan 2008 09:37:43 -0800
- To: public-wsc-wg@w3.org
Yes, this begs the question: if not every browser is doing this, will it cause people to switch to the browsers that allow you to proceed? serge Thomas Roessler wrote: > As a cautionary tale why key continuity management isn't easy: I've > got a Linksys wireless router at home, and use HTTPS to access it -- > at least defending against passive attacks when entering passwords. > > The router generates certificates on the fly, and these are dodgy to > say the least. > > Using Firefox 3 b2 (which overall has a reasonably nice interface > for TLS errors!), I now get an error message without any overrides; > apparently, that browser keeps a record of certificate fingerprints, > serial number, and issuers, whereas the linksys router likes to > recycle certificate serial numbers. > -- /* PhD Candidate Carnegie Mellon University "Whoever said there's no such thing as a free lunch was never a grad student." All views contained in this message, either expressed or implied, are the views of my employer, and not my own. */
Received on Wednesday, 23 January 2008 17:39:06 UTC