Quote
Personally I removed all ca's from my browser and only trust certificates I add manually.
I am using certpatrol in FF instead, but with google's services it's useless. They has so many different certificates...Yha, there are some services that will simply not work when removing ca's or at least not within reason, they have to meany or dynamic certs (google being one of them idd). I just have a unsafe os setup to use those and keep things separated.
IPv6 should support IPSec natively, I am not an expert of crypto stuff, but to me it seems strong enough to prevent DPI. We should just use it.
It has the same issue, what certificate to trust ? Only if you manually add a certificate that you personally trust is it secure, any exciting type of dynamic/automated distribution creates holes.
