Comment by landr0id
12 hours ago
I'm surprised Firefox didn't warn me when I went to the page. Hostile teleco/MITM waiting for HTTP traffic are a real-world way that nation states deliver exploits.
12 hours ago
I'm surprised Firefox didn't warn me when I went to the page. Hostile teleco/MITM waiting for HTTP traffic are a real-world way that nation states deliver exploits.
It did for Librewolf -- what I moved to from Firefox. Self-Signed certs I'm down with, http I'm not, and never will be for any reason. Plain-text data transmissions have no acceptable reasoning.
You do realize self-signed certs are useless, could have been tampered with, and could have just as easily been created by a malicious actor?
There's a reason most default self signed certs are called "snake oil".
You can pre-share the certificate out of band, or set up your browser to TOFU like SSH does. Then they are not useless and may be superior to PKI for certain threat models.
PKI is basically powerless against nation states executing a targeted MITM attack. It does prevent them from passively snooping everything.
You can enable it in the settings.