It's up to you to check the Web of trust of this fingerprint. It being served ov... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		arianvanp on Aug 10, 2017 \| parent \| context \| favorite \| on: Salesforce fires red team staffers who gave Defcon... It's up to you to check the Web of trust of this fingerprint. It being served over HTTP is not an issue at all. Even in Trust on First Use I would argue delivering over HTTP is not an issue.

aembleton on Aug 10, 2017 [–]

It is an issue because you could MITM this and give a different address and fingerprint. This seems highly unlikely but is possible.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact