nanog mailing list archives

Re: Gmail and SSL


From: Steven Bellovin <smb () cs columbia edu>
Date: Wed, 2 Jan 2013 21:12:27 -0500


On Jan 2, 2013, at 8:25 PM, Seth David Schoen <schoen () loyalty org> wrote:

> Steven Bellovin writes:
>
>> The only Chrome browser I have lying around right now is on a Nexus 7 tablet;
>> I don't see any way to list the pinned certs from the browser.  There is a
>> list at http://www.chromium.org/administrators/policy-list-3, and while I
>> don't know how current it is you'll notice a decided dearth of interesting
>> sites with the exceptions of paypal.com and lastpass.com.
>
> You can see the current list of cert pins and HSTS preloads in the Chromium
> source tree at
>
> https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state_static.h?view=markup
>
> or
>
> https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state_static.json?view=markup

Thanks.  The list is longer, but with the exception of Twitter (and possibly Intuit -- a subdomain
is shown), not a lot more interesting.  I don't see major banks, I don't see Facebook or Hotmail,
I don't see the big CAs, etc.


                --Steve Bellovin, https://www.cs.columbia.edu/~smb






