and not a single Tor hacker was surprised...
rysiek
rysiek at hackerspace.pl
Wed Jan 22 09:05:51 PST 2014
Dnia środa, 22 stycznia 2014 07:44:16 coderman pisze:
> (someone should write more about using client-side certificates as a
> method to thwart SSL MitM with a CA signing transparent proxy
> adversary upstream. aka BlueCoat with "enterprise certificate"
> injected or private key pilfer.)
About this. Is there a way to serve 2 (or more) certificates for a given HTTPS
server/domain? What I would like to have is a way to:
- serve a proper, vanilla SSL certificate bought from some provider for the
general public accessing my service;
- serve a different cert (for example, using MonkeySphere) for those that do
not trust (and with good reasons) major CA's.
This would have to work for the *same* domain on the *same* webserver. I
haven't yet seen a way to do this, so this might need implementing, but maybe
somebody here has heard about something along these lines?
--
Pozdr
rysiek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20140122/73870f50/attachment-0002.sig>
More information about the cypherpunks
mailing list