by geocar
3155 days ago
> If a government really wanted access to a specific user's ProtonMail account, couldn't they get a court order from a domestic CA

Why bother? If they can MITM ProtonMail, they might as well use letsencrypt which just requires you control the domain name (for some definition of control).

> I'm not sure what the state of certificate pinning is,

    Public-Key-Pins-Report-Only: pin-sha256="Jh0ZSUYEc97HRYcwZIOkH2jKOUpmQhLO48MYd1s5pRM="; pin-sha256="2ZnCTNQBrKShr4c1olKfwNG53KiL6qoNcQi65YGRBn8="; pin-sha256="1D76xWwHug9p4iQWVBiDZF+e3UcxtPte/ig5pkYnmRU="; max-age=300; report-uri="https://protonmail.com/pkp-report"

Looks like they want to know about violations...
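An added example, not part of geocar's comment: a small Python parser for the header quoted above, showing what the Report-Only variant means for a client that sees an unpinned key (a report, not a blocked connection). The function names and the SPKI byte strings are constructed for illustration; real input would be the DER SubjectPublicKeyInfo of each certificate in the validated chain.

```python
import base64
import hashlib
import re

# Header name and value copied from the comment above.
HEADER_NAME = "Public-Key-Pins-Report-Only"
HEADER_VALUE = (
    'pin-sha256="Jh0ZSUYEc97HRYcwZIOkH2jKOUpmQhLO48MYd1s5pRM="; '
    'pin-sha256="2ZnCTNQBrKShr4c1olKfwNG53KiL6qoNcQi65YGRBn8="; '
    'pin-sha256="1D76xWwHug9p4iQWVBiDZF+e3UcxtPte/ig5pkYnmRU="; '
    'max-age=300; report-uri="https://protonmail.com/pkp-report"'
)

# name, optionally followed by =token or ="quoted string"
_DIRECTIVE = re.compile(r'([\w-]+)(?:=("[^"]*"|[^;]*))?')

def parse_pkp(name, value):
    """Parse an HPKP header (RFC 7469) into a policy dict."""
    policy = {"enforce": name.lower() == "public-key-pins",
              "pins": set(), "max_age": None, "report_uri": None}
    for m in _DIRECTIVE.finditer(value):
        key = m.group(1).lower()
        val = (m.group(2) or "").strip().strip('"')
        if key == "pin-sha256":
            # A pin is the base64 of a 32-byte SHA-256 digest.
            if len(base64.b64decode(val, validate=True)) != 32:
                raise ValueError("malformed pin: " + val)
            policy["pins"].add(val)
        elif key == "max-age":
            policy["max_age"] = int(val)
        elif key == "report-uri":
            policy["report_uri"] = val
    return policy

def spki_pin(spki_der):
    """Pin value for one certificate: base64(SHA-256(SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def evaluate(policy, chain_spkis):
    """Pin validation passes if any key in the chain matches any pin."""
    if any(spki_pin(s) in policy["pins"] for s in chain_spkis):
        return "allow"
    # Report-Only never blocks; it only posts a violation to report_uri.
    return "block" if policy["enforce"] else "report"

if __name__ == "__main__":
    policy = parse_pkp(HEADER_NAME, HEADER_VALUE)
    unpinned = [b"constructed SPKI bytes, not a real key"]  # constructed sample
    print(evaluate(policy, unpinned), "->", policy["report_uri"])
```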