nationwide interception of Facebook & webmail login credentials in Tunisia
bdm at fenrir.org.uk
Wed Jan 26 11:26:54 GMT 2011
On Wed, 26 Jan 2011 09:18:11 +0000
Mark Lomas <ukcrypto at absent-minded.com> wrote:
> May I conduct an informal survey? Who on this mailing list has not
> removed any of the CA certificates that were pre-installed by whoever
> supplied your browser?
Not me. All I have done is add the CACert root certificate so that
some of my own certificates work.
Having said that, I don't ignore any error or warning messages, and I
do quite often check certificate fingerprints. In a widely rolled-out
deployment of SSL the security you gain is there to raise the bar to
compromise, not to eliminate it.
More information about the ukcrypto