by HelloBeautiful 5566 days ago
Haha, this doesn't make any sense. How can you possibly know the real cert from the one generated by NSA?
2 comments

Great question! Unfortunately, I don't think you can.

If you use CA certs to trust site certs, the site certs can change on the fly (i.e. be replaced with an NSA interloper) without you knowing.

If you kill your CA certs, and mark individual sites trusted, then at least your browser will notify you if the site's cert has changed since you last trusted it. Theoretically. I haven't actually tested this yet. :(

Call them on the phone and ask them to read you their cert fingerprint. Or use this: http://www.networknotary.org/firefox.html
Phone lines are secure of course ...
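
An added example, not written by anyone in the thread: a minimal sketch of the two checks discussed above, remembering a site's certificate fingerprint on first use and flagging any later change, and comparing a certificate against a fingerprint obtained out of band. The names `PinStore`, `fingerprint` and `matches` are hypothetical, and the certificate bytes are constructed placeholders rather than real DER certificates.

```python
import hashlib
import hmac
import string


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of certificate bytes as colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(der: bytes, claimed: str) -> bool:
    """Compare a certificate with a fingerprint read aloud or pasted by a human."""
    want = "".join(c for c in claimed if c not in ": -").lower()
    # Reject anything that is not exactly 64 hex digits instead of guessing.
    if len(want) != 64 or any(c not in string.hexdigits for c in want):
        return False
    return hmac.compare_digest(hashlib.sha256(der).hexdigest(), want)


class PinStore:
    """Trust-on-first-use store: host name -> fingerprint seen when first trusted."""

    def __init__(self):
        self.pins = {}

    def check(self, host: str, der: bytes) -> str:
        seen = hashlib.sha256(der).hexdigest()
        pinned = self.pins.get(host)
        if pinned is None:
            # The first sighting is unauthenticated; this is where an
            # out-of-band fingerprint check (matches) belongs.
            self.pins[host] = seen
            return "first-use"
        return "match" if hmac.compare_digest(pinned, seen) else "CHANGED"


# Constructed placeholder bytes standing in for two different certificates.
CERT_A = b"constructed-certificate-A"
CERT_B = b"constructed-certificate-B"

if __name__ == "__main__":
    store = PinStore()
    for cert in (CERT_A, CERT_A, CERT_B):
        print("example.test", store.check("example.test", cert))
    print("out-of-band check:", matches(CERT_A, fingerprint(CERT_A)))
```

A "CHANGED" result only says the certificate differs from the pinned one; a legitimate renewal produces the same result, so the new fingerprint still has to be confirmed through a separate channel.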