← Back to context

Comment by cdchn

3 years ago

>Someone could easily run the same kind of thing on the internet, providing free proxy service and telling their users to trust a certificate signed by them, without properly explaining the consequences of that.

Somebody already did do this, except as a paid service, and had their special 'client' simulate user clicks to install the self-signed root CA cert in your OS' cert store for you.

3 comments

cdchn

Reply
SOLAR_FIELDS  3 years ago

Interesting, it would have to be a pretty invasive client to do that. Usually installing a cert is accompanied by a lot of very loud warnings on modern OSes. So the end user would have to first give this software the permission to click around on their desktop for them without fully understanding the implications. Which does seem plausible

  • codetrotter  3 years ago

    Adding trusted certificates in Firefox directly, instead of at the OS level, is very straightforward. Requires few clicks and does not shout too much.

    I prefer using Firefox on my laptop so I didn’t check to see what the process is like for Chrome-based browsers to add trusted certificates (or if Chrome-based browsers only use OS-level certs).

    But at least with Firefox, the user doesn’t have to go fiddling with OS level stuff.