dannyw 5 days ago
Yes, but we have widely deployed efforts like certificate transparency, and cert pinning. The first makes such attacks widely known events, browsers report by default, and it's provable. It's very rare. The second allows apps to only trust specific certs or CAs, ignoring system root of trust. I just want to clarify HTTPS in practice is quite secure.
__MatrixMan__ 5 days ago
I'll not let go of my distaste for roots of trust in any form, but you likely have a point. I'll have to learn more about this transparency thing.