Date: Fri, 18 Sep 2015 10:34:35 -0400 From: Nathan Dorfman <na@rtfm.net> To: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= <des@des.no> Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org Subject: Re: HTTPS on freebsd.org, git, reproducible builds Message-ID: <20150918143434.GB15068@vane> In-Reply-To: <86k2rnddqk.fsf@nine.des.no> References: <CAD2Ti2_YNkNi2b=PzFCwu3PVaP8hOzADys3=-k0AqvsDRhJpzA@mail.gmail.com> <alpine.LRH.2.11.1509180646470.14490@nber4.nber.org> <86r3lvdeah.fsf@nine.des.no> <1442584818.1834563.387314497.1AD169D2@webmail.messagingengine.com> <86k2rnddqk.fsf@nine.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Sep 18, 2015 at 04:05:39PM +0200, Dag-Erling Smørgrav wrote: > Then again, if you have the means to mount a MITM attack you probably > have the means to get a valid certificate. If you're that paranoid, there's a nice Firefox extension called CertPatrol that will alert you to any changes in the certificate's details, or if you prefer, just the CA chain. Obviously, it won't help you on the first visit -- it's an advanced version of ssh's known_hosts. -nd. > DES > -- > Dag-Erling Smørgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150918143434.GB15068>