[HTTPS-Everywhere] what does HTTPS-Everywhere consider a "valid" X.509 certificate? [was: Re: Custom rules]

Chris Palmer chris at noncombatant.org
Fri Oct 15 12:50:51 PDT 2010

Previous message: [HTTPS-Everywhere] what does HTTPS-Everywhere consider a "valid" X.509 certificate? [was: Re: Custom rules]
Next message: [HTTPS-Everywhere] what does HTTPS-Everywhere consider a "valid" X.509 certificate? [was: Re: Custom rules]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> <ruleset name="Reddit" match-cn="no" trusted="yes">

This would allow any server with a valid, trusted-CA-issued certificate
issued to any subject to authenticate as reddit.com. That is badder than the
status quo.


--
http://noncombatant.org/

Previous message: [HTTPS-Everywhere] what does HTTPS-Everywhere consider a "valid" X.509 certificate? [was: Re: Custom rules]
Next message: [HTTPS-Everywhere] what does HTTPS-Everywhere consider a "valid" X.509 certificate? [was: Re: Custom rules]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the HTTPS-everywhere mailing list