In light of Superfish bundled by Lenovo [1], one realizes HTTPS is at the mercy of ANY of the myriad certificate authorities trusted by your browser.
Instead of your browser complaining when a certificate fails for a given site, it keeps looking for another, valid certificate. How's that for a security model?
Why is Hongkong Post a trusted institution of my browser? I don't want Hong Kong to MITM my communication with any other site.
2 comments
[ 3.1 ms ] story [ 18.8 ms ] threadInstead of your browser complaining when a certificate fails for a given site, it keeps looking for another, valid certificate. How's that for a security model?
Why is Hongkong Post a trusted institution of my browser? I don't want Hong Kong to MITM my communication with any other site.
[1] https://en.wikipedia.org/wiki/Superfish#Lenovo_security_inci...