
Verifying an SSL sig


SSL Everywhere & Its Drawbacks

CA: Certificate Authority. Problems with SSL, TLS, https. Certificate Patrol. Conspiracy (Firefox Plugin for Man-In-The-Middle Protection from. Browser Security Pinning Mismatch. I did a bunch of work.

Browser Security Pinning Mismatch

As I said before, I could turn off the Firefox Addon, "Tails Download and Verify," and Firefox would allow the webpage for Tails to load. I uninstalled ExpressVPN so I could run Tor (Tor 5 plus is supposed to work with the Firefox Tails "Download and Verify" Addon). Turns out the Tor supplied for Windows is "6.0.3" and is based upon "Firefox 45.3.0." This combination works to download and verify "Tails-i386-2.5.iso." The PGP sorta seems to match, but I have not established the Web of Trust needed to make it give a total thumbs up message.

Some days ago I wrote to the developer for the Firefox Addon, "Tails Download and Verify," no reply, but he might be on vacation. The purpose of the Pinning is a second security feature, which I had never heard of before, in addition to verifying the CA, as I understand it. The website for Tails is: Which will display in Chrome, not Windows 10 Pro, Firefox 48 with the addon "Tails Download and Verify" enabled. CA certificates - How safe exactly? (murga-linux thread) This link seems good: for a quick intro on browser configuration. And here is some stuff about Google's policy on root certificates: I found these links by googling, "ca athorities chrome". I think though in most cases it is better to have an automated tool to check for suspicious certificate behaviour than to do so manually.

CA certificates - How safe exactly? (murga-linux thread)

I mention some in this post: However, if you have a high security need (for instance, connecting to your work remotely), you might want to create a special purpose browser that trusts as few certificates as possible that you need for this task. This approach is called "Minimizing your attack surface". As a final note: I've collected some info from various sources on problems with SSL and bookmarked them here: Questions about https, Tor, vpn (murga-linux thread) It is my mindset, I believe that the NSA will read whatever I do online as they want.

Questions about https, Tor, vpn (murga-linux thread)

However, I can protect myself against a lot of petty thieves and annoying spying advertising folks. On the website FAQ for HTTPS Everywhere. "Q. Why is HTTPS Everywhere preventing me from joining this hotel/school/other wireless network? A. You might know of the Firefox App, Firesheep, where one computer grabs the wireless HTTPS connection of another computer and can collect whatever part of your stuff he wants. The Problem Session hijacking is nothing new. From wiki, Certificate Authorities. Trusted certificates are typically used to make secure connections to a server over the Internet. CAs can be compromised. If a hotel connection can install its own DNS, and other means to pretend that you are, say talking to your bank.

There is, as someone mentioned here. A new CA (sone post by Adilson_Lanpo 2014) The downside of using tor exit nodes for web browsing. Threat Models - MrJim's_Comments 2013. The Trust of Certificate Authorities. s243a post 2014 on sone (a social network plugin for freenet) SSL & TLS. Man in the Middle.