nationwide interception of Facebook & webmail login credentials in Tunisia

Brian Morrison bdm at
Wed Jan 26 11:26:54 GMT 2011

On Wed, 26 Jan 2011 09:18:11 +0000
Mark Lomas <ukcrypto at> wrote:

> May I conduct an informal survey? Who on this mailing list has not
> removed any of the CA certificates that were pre-installed by whoever
> supplied your browser?

Not me. All I have done is add the CACert root certificate so that
some of my own certificates work.

Having said that, I don't ignore any error or warning messages, and I
do quite often check certificate fingerprints. In a widely rolled-out
deployment of SSL the security you gain is there to raise the bar to
compromise, not to eliminate it.


Brian Morrison

More information about the ukcrypto mailing list