| ▲ | hamdingers 4 hours ago |
| Surprised this is downvoted. Chrome forces me to click through a warning to even visit HTTP sites nowadays. |
|
| ▲ | stronglikedan 3 hours ago | parent | next [-] |
| It only does that for me if there's an HTTPS option available but it's expired or not configured correctly. Chrome let me right into this site without that warning. |
| |
|
| ▲ | LtWorf 3 hours ago | parent | prev [-] |
| Yup, very secure. Then every single IT department installs a cert on the machines to MITM everything. |
| |
| ▲ | hamdingers 3 hours ago | parent [-] | | I have no idea what you're trying to say, there's no IT department managing my laptop and none of the IT departments I've worked in or with "MITM everything." Do you want to try again? | | |
| ▲ | pc86 3 hours ago | parent [-] | | On the flip side, every company I've ever worked for has installed trusted company certs on their computers and do MITM everything. | | |
| ▲ | Joker_vD 3 hours ago | parent [-] | | Yep. You apparently need HTTPS for intranet resources too, or you can't develop/use web-apps in Chrome, and since no self-respecting CA would certify your localhost, internal homegrown CA it is, baby — and given the web runs on the lovely model "any CA can attest any website; okay, maybe CAA is not a bad idea"... | | |
| ▲ | NoahZuniga an hour ago | parent [-] | | Even with CAA records, any CA can still create a cert for any website. So if you're worried about an untrustworthy CA, then this won't help you. It could make it less likely for a CA with buggy code to accidentally issue a cert for your domain. |
|
|
|
|
