undefined | Better HN

0 pointsgizmo68613y ago0 comments

So you still need to provide some mechanism to prevent malisous attacks. The point of validating certificates is to prevent this class of attack.

0 comments

codeka13y ago

Yes of course. In a corporate environment, you would usually install the proxy server's CA certificate in your certificate store and validate that all certificates were issued by the proxy server.

My original comment was just pointing out that validating that the certificate you get when you connect to https://www.github.com in a corporate network may not be the same as the one you get on the open internet.

It's up to you to decide whether that's something you care about though.

j / k navigate · click thread line to collapse

0 pointsgizmo68613y ago0 comments

So you still need to provide some mechanism to prevent malisous attacks. The point of validating certificates is to prevent this class of attack.

0 comments

codeka13y ago

Yes of course. In a corporate environment, you would usually install the proxy server's CA certificate in your certificate store and validate that all certificates were issued by the proxy server.

It's up to you to decide whether that's something you care about though.

j / k navigate · click thread line to collapse