Can someone explain the way DNSCrypt uses & validates certificates?
The log messages say a certificate "looks" valid, so how is it being generated/validated?
How vulnerable is the system to a potentially MITM type attack?
I'd initially been thinking that I'd like to see some sort of fingerprinting/hash checking going on, but then obviously those hashes/fingerprints could be tampered with in source (if you roll your own from source) and thus should be published for review/verification at build time?
Please sign in to leave a comment.