2 comments

[ 3.1 ms ] story [ 18.8 ms ] thread
In light of Superfish bundled by Lenovo [1], one realizes HTTPS is at the mercy of ANY of the myriad certificate authorities trusted by your browser.

Instead of your browser complaining when a certificate fails for a given site, it keeps looking for another, valid certificate. How's that for a security model?

Why is Hongkong Post a trusted institution of my browser? I don't want Hong Kong to MITM my communication with any other site.

[1] https://en.wikipedia.org/wiki/Superfish#Lenovo_security_inci...