by tw04
240 days ago
>TLS verifies that the URL matches cert through the chain of trust, I think you need to point out that TLS utilizes the browser's cert store for that chain of trust. If a bad actor acquires an entity that has a trusted cert, or your cert store is compromised, that embedded cert store is almost entirely useless, which has happened on more than one occasion (Chinese government and Symantec most recently). https://expeditedsecurity.com/blog/control-the-ssl-cas-your-... This is typically caught pretty quickly but there's almost nothing a user can do to defend against a chain of trust attack. With SSH, while nobody does it, at least you have the ability to protect yourself.