Reply to post: That seems like a security problem

Android Nougat may contain traces of NOT for users of custom CAs

Christian Berger

That seems like a security problem

I mean if I have some program which only needs to talk to my server, I can just deliver the correct certificate with it. There is no advantage in relying on some external certificate authority which I do not control.

In fact, since I have no idea what the Google approved CA does and I have to hand over the keys to my kingdom, it's kinda a problem. I trust in yet another external organisation.

Plus the obvious problem is that this might hinder reverse engineering as I cannot bypass TLS by using my own certificates.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022