Roy Badami [ARCHIVE] on Nostr: 📅 Original date posted:2013-03-03 📝 Original message:> (The reason for this is ...
📅 Original date posted:2013-03-03
📝 Original message:> (The reason for this is that (many? most? all?) CAs verify authority
> by having you place a file at some HTTP path on the domain in
> question.
IME most CAs verify by emailing hostmaster/webaster@ or one of the
contacts in the WHOIS. But you're right, still subject to a MitM.
Still better than nothing though.
I would have suggested an EV cert, but that's more expensive (and
still far from foolproof)
> Basically only helps with the evil hotspot/tor_exit problem.
Also helps protect against DNS spoofing attacks, but yes, you're
right. I should be checking GPG sigs but I'm lazy :-)
roy
Published at
2023-06-07 11:34:08Event JSON
{
"id": "5719a694a674b39e5f3782cc490658b395b29206d4536258fc4c645dc7c36a5c",
"pubkey": "58f160e0dbc661605704b190e36f5199f881c861e53763c7057e6bc0c13e6950",
"created_at": 1686137648,
"kind": 1,
"tags": [
[
"e",
"d501a2fc7872792c5f5a24df0b230219bcadf7aceaf9b1184cff6e05063b4a89",
"",
"root"
],
[
"e",
"9012f06d5e20b6773d50d905b9d2de47b8d78879654bc706a3b794b155f2fca8",
"",
"reply"
],
[
"p",
"4aa6cf9aa5c8e98f401dac603c6a10207509b6a07317676e9d6615f3d7103d73"
]
],
"content": "📅 Original date posted:2013-03-03\n📝 Original message:\u003e (The reason for this is that (many? most? all?) CAs verify authority\n\u003e by having you place a file at some HTTP path on the domain in\n\u003e question.\n\nIME most CAs verify by emailing hostmaster/webaster@ or one of the\ncontacts in the WHOIS. But you're right, still subject to a MitM.\nStill better than nothing though.\n\nI would have suggested an EV cert, but that's more expensive (and\nstill far from foolproof)\n\n\u003e Basically only helps with the evil hotspot/tor_exit problem.\n\nAlso helps protect against DNS spoofing attacks, but yes, you're\nright. I should be checking GPG sigs but I'm lazy :-)\n\nroy",
"sig": "64b664250db4b0f1f15493717cecd03a15fbdd88c145d1465a7c3ad7c770a9bbcc103889223b1486b5ab6fa312c29675daa72e11aaa07e09d12802fb5139c66f"
}