Replying to Avatar Vitor Pamplona

Is there a protocol to make sure the key used for the wss is the expected one? Or is it like https where the client just takes any valid certificate that comes in?
8c
lacaulac 3y ago

The HTTPS certificate needs to correspond to the relay's domain and be signed by a valid entity. But I wouldn't be surprised if chinese software had a Governement-issued root certificate authority, which means the gov could craft certificates that'd be "valid"

Reply to this note

Please Login to reply.

Discussion

No replies yet.