
and not a single Tor hacker was surprised...



On Wednesday, 22 January 2014 07:44:16 coderman wrote:
>  (someone should write more about using client-side certificates as a
> method to thwart SSL MitM with a CA signing transparent proxy
> adversary upstream. aka BlueCoat with "enterprise certificate"
> injected or private key pilfer.)

About this. Is there a way to serve 2 (or more) certificates for a given HTTPS 
server/domain? What I would like to have is a way to:
 - serve a proper, vanilla SSL certificate bought from some provider for the
   general public accessing my service;
 - serve a different cert (for example, using MonkeySphere) for those that do
   not trust (and with good reason) major CAs.

This would have to work for the *same* domain on the *same* webserver. I 
haven't yet seen a way to do this, so this might need implementing, but maybe 
somebody here has heard about something along these lines?

-- 
Regards
rysiek