On 2022-01-03, at 4:12 PM, Richard L. Hamilton <rlha...@smart.net> wrote:

> The only problem with that or anything similar, is that unless you go to 
> quite a lot of work to just download rather than install the PEM file, and 
> convert it into something human readable WITHOUT installing it, and 
> investigate every certificate in there, you're trusting that the site you got 
> it from is not only legit, but is secure and hasn't been hacked to alter the 
> file to provide some very bogus certificates that could work together with 
> some sort of DNS spoofing to get you to feed sensitive information (i.e. bank 
> passwords, etc.) via an untrusted site that would capture it.

Makes sense. Now, how do you go about turning a certificate into something 
human readable? Serious question, I have *never* seen this discussed anywhere.

Everyone just says "As long as the roots are good you can trust the chain", and 
that's never made sense to me. The whole "trust what strangers say" system 
seems more like "Find a way for companies to make money" than any good security 
system.
