[HTTPS-Everywhere] what does HTTPS-Everywhere consider a "valid" X.509 certificate? [was: Re: Custom rules]
Chris Palmer
chris at noncombatant.org
Fri Oct 15 23:34:07 PDT 2010
Mike Perry writes:
> Having two flags to represent this distinction, and having all rules
> with valid_ca="false" and matches_cn="false" off by default with a UI
> option to turn them on seems like a great idea to me. That way, users
[...]
> done first, but unless Peter or Seth strongly object, I'd gladly merge
> any patch to do this.
Wait, what? It's late and I've had a lot to drink, so I might be
misunderstanding. It sounds like you would allow a patch to bypass CN
matching.

That's just a bad idea. It means any server can pretend to be the server you
want.

I strongly object... unless I'm just misunderstanding you.
--
http://noncombatant.org/
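
Added example, not part of the message above and not HTTPS Everywhere code: a JavaScript model of the two independent checks that the proposed `valid_ca` and `matches_cn` flags would toggle, showing that with name matching off a CA-issued certificate for a different host is accepted. The certificates are constructed objects, `chainsToTrustedRoot` stands in for real chain validation, and all function names are hypothetical.

```javascript
// Match one presented DNS name against the requested host.
// A wildcard is honoured only as the entire left-most label, covers exactly
// one label, and is refused for two-label patterns such as "*.com".
function nameMatches(pattern, host) {
  const p = pattern.toLowerCase().split(".");
  const h = host.toLowerCase().split(".");
  if (p.length !== h.length) return false;
  return p.every((label, i) =>
    i === 0 && label === "*" && p.length > 2 ? h[0].length > 0 : label === h[i]);
}

// Names the certificate claims: subjectAltName dNSNames if present, else the CN.
function certNames(cert) {
  return cert.san && cert.san.length ? cert.san : [cert.cn];
}

// rule.validCa / rule.matchesCn model the two flags (assumed default: enforced).
function acceptCertificate(cert, host, rule = {}) {
  const { validCa = true, matchesCn = true } = rule;
  if (validCa && !cert.chainsToTrustedRoot) {
    return { ok: false, reason: "untrusted issuer" };
  }
  if (matchesCn && !certNames(cert).some((n) => nameMatches(n, host))) {
    return { ok: false, reason: "name mismatch" };
  }
  return { ok: true, reason: "accepted" };
}

// Constructed sample certificates; both chain to a trusted root.
const bankCert = { cn: "www.bank.example",
                   san: ["www.bank.example", "bank.example"],
                   chainsToTrustedRoot: true };
const otherCert = { cn: "*.other.example", san: [], chainsToTrustedRoot: true };

function demo() {
  const host = "www.bank.example";
  return {
    genuine: acceptCertificate(bankCert, host),
    strict: acceptCertificate(otherCert, host),
    nameCheckOff: acceptCertificate(otherCert, host, { matchesCn: false }),
  };
}

console.log(demo());
```

The chain check alone only establishes that some trusted CA issued the certificate to someone; the name check is what ties it to the host the user asked for.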