top | item 3606226

(no title)

joshtalon | 14 years ago

Chrome already has a mechanism to detect a MITM for Google's servers by embedding those servers' public keys into Chrome itself.

Of course, that doesn't stop a company from placing locally-trusted rogue certificates on computers they control, overriding Chromes public-key pinning check. But it means that they can't MITM a connection from your personal laptop when you're on their network.

discuss

No comments yet.