You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Further details on this. In order to fix this issue, libpagekite needs to support the following:
- Discovery & use of OS certificate authority stores.
- Support for a TOFU model of some sort.
- Specification of acceptable certificate details (fingerprints, names) via. API methods.
Whether we use TOFU or the standard SSL PKI (CA certs) model is an unanswered question at this point; PKI is the standard but it has some nasty failure modes.
This is a particularly sensitive part of the app, because if we refuse connections because a certificate doesn't validate, there is a risk of false positives taking customer devices offline. So although security is important, we don't want to make things less reliable.
When connecting with HTTPS, the SSL certs are not yet verified, making the whole thing insecure.
The text was updated successfully, but these errors were encountered: