|
|
|
|
|
|
by iudqnolq
488 days ago
|
|
|
> Second date has capabilities of network eavesdropping, MiTM, and code injection This is probably a dumb question but doesn't that require an SSL cert? Obviously the NSA can get someone to issue a cert for a domain they don't own but wouldn't that be visible? Couldn't you have every user device log the SSL certs it sees to detect this attack? What about CT? |
|
|