|
Authored by: greed on Sunday, August 19 2012 @ 02:03 PM EDT |
I do the same thing; though I do have my root certificate in equipment I
regularly use.
The other thing I'm seeing these days is, browsers "remembering" which
certificate was present last time you visited a site. This also helps prevent
MITM attacks.
For example, I went to my bank's website yesterday. Got the SSL certificate,
it's valid until May 2013, happily go about my business.
I go back to the site today, and it's a different certificate. Browser alerts
me, saying the certificate has changed--and yet it was no-where near expiry.
Unfortunately, the user interface I saw this with still had some way to go. It
worked very well for those of us who actually know how SSL and the trust chains
work. But, of course, it was just another error message to click
"Whatever, keep going" on for most people.
[ Reply to This | Parent | # ]
|
|
|
|
|