by taralx
4240 days ago
That's in this spec: "The server certificate, if one is proffered by the alternative service, is not necessarily checked for validity, expiration, issuance by a trusted certificate authority or matched against the name in the URI." In other words, the certificate presented is merely used to secure the connection against a passive attacker.