by zdw 220 days ago
The TLS issue mentioned can be more easily conceptualized if you view the root CA lists as "The people you're OK with MITM-ing you".

And then whether your trust in the browser vendor coalition to push back against and punish even accidental CA malfeasance is reasonable.

1 comments

The crux of the issue is reasonable people can disagree on what is OK at a large org.

Security, like every human, believes they’re the good guys.

Platform teams cannot enforce the principle of least privilege.

Truly a paradox.