From reading the draft, it looks like adding a root cert will still allow over riding this
Your right – that is the intent; but in current implementations, it’s the “it is acceptable” wording that is interpreted. In all cases so far the “SHOULD NOT” submit a report is honored, but Chrome isn’t going to let you load google using any certificate not issued by a google. There are ways around this for enterprise deployments; and it probably is a fair assessment that hams could deploy a second browser configured in that manner… but for a general user, its going to be a lot harder than just installing a new root cert. From: Bryan Fields<mailto:Bryan@bryanfields.net> Sent: Friday, August 16, 2019 6:58 PM To: Puget Sound Data Ring<mailto:psdr@hamwan.org> Subject: Re: [HamWAN PSDR] Idea for addressing HTTPS on HamWAN On 8/16/19 9:40 PM, Jake Visser wrote:
Much like HSTS; Expect-CT is starting to be deployed too (this replaces certificate pinning). https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2Fdocs%2FWeb%2FHTTP%2FHeaders%2FExpect-CT&data=02%7C01%7C%7Cecd5e4bb42b44a1451f608d722b6550a%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637016038809698674&sdata=kzuM9RFUO816UaYPT%2FpYBwcR1khLM86O1QLIK6PeMj0%3D&reserved=0
This will prevent users from accessing sites that are signed by a certificate that does not appear in the public transparency logs…
From reading the draft, it looks like adding a root cert will still allow over riding this. Is that not what 2.4.1 speaks of in there? I'll admit I'm not up on the newest SSL standards.
The best option – if this is truly to be used for emergency communications – is to try the proposed FCC path.
I would say we not try that. The FCC rules can be interpreted a number of different ways now, it's likely if we ask for clarification they may do so in a way making this all a violation. Right now the FCC rules are moot on encryption, the word doesn't appear in part 97 at all. -- Bryan Fields 727-409-1194 - Voice https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fbryanfields.net&data=02%7C01%7C%7Cecd5e4bb42b44a1451f608d722b6550a%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637016038809708685&sdata=B5gtHYNuNHid52YmaWu205rclAQzDiRyC5sMXi%2FKix4%3D&reserved=0 _______________________________________________ PSDR mailing list PSDR@hamwan.org https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmail.hamwan.net%2Fmailman%2Flistinfo%2Fpsdr&data=02%7C01%7C%7Cecd5e4bb42b44a1451f608d722b6550a%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637016038809708685&sdata=XPLFa%2FJlJkZanR4uB4CGLo9GAwhvREibuhu3NMnxLZs%3D&reserved=0