certificate update for old Macs
keybounce at gmail.com
Tue Jan 4 19:37:18 UTC 2022
On 2022-01-03, at 4:12 PM, Richard L. Hamilton <rlhamil at smart.net> wrote:
> The only problem with that or anything similar, is that unless you go to quite a lot of work to just download rather than install the PEM file, and convert it into something human readable WITHOUT installing it, and investigate every certificate in there, you're trusting that the site you got it from is not only legit, but is secure and hasn't been hacked to alter the file to provide some very bogus certificates that could work together with some sort DNS spoofing to get you to feed sensitive information (ie bank passwords, etc) via an untrusted site that would capture it.
Makes sense. Now, how do you go about turning a certificate into something human readable? Serious question, I have *never* seen this discussed anywhere.
Everyone just says "As long as the roots are good you can trust the chain", and that's never made sense to me. The whole "trust what strangers say" system seems more like "Find a way for companies to make money" than any good security system.
More information about the macports-users