X-Git-Url: https://gitweb.stoutner.com/?a=blobdiff_plain;f=app%2Fsrc%2Fmain%2Fassets%2Fen%2Fguide_ssl_certificates_dark.html;fp=app%2Fsrc%2Fmain%2Fassets%2Fen%2Fguide_ssl_certificates_dark.html;h=3911bb4418af53bec70a32d182ead8b39e6758c2;hb=afd9b8e690e34c11981eaed1fddbc259fc8cc49a;hp=0000000000000000000000000000000000000000;hpb=f5434ed563e4cb01c950d83aa4e179e2811a8612;p=PrivacyBrowserAndroid.git

diff --git a/app/src/main/assets/en/guide_ssl_certificates_dark.html b/app/src/main/assets/en/guide_ssl_certificates_dark.html
new file mode 100644
index 00000000..3911bb44
--- /dev/null
+++ b/app/src/main/assets/en/guide_ssl_certificates_dark.html
@@ -0,0 +1,49 @@
+<!--
+  Copyright © 2017 Soren Stoutner <soren@stoutner.com>.
+
+  This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
+
+  Privacy Browser is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+
+  Privacy Browser is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with Privacy Browser.  If not, see <http://www.gnu.org/licenses/>. -->
+
+<html>
+    <head>
+        <meta charset="UTF-8">
+
+        <link rel="stylesheet" href="css/dark_theme.css">
+    </head>
+
+    <body>
+        <h3><img class="title" src="images/ic_vpn_lock_blue_dark.png"> Connect with Confidence</h3>
+
+        <p>When visiting an encrypted URL (one that begins with HTTPS), the webserver uses an SSL certificate to both encrypt the information sent to the browser and to identify the server.
+            The purpose of the server identification is to prevent a machine located between the browser and the webserver from pretending to be the server and decrypting the information in transit.
+            This type of attack is known as a Man In The Middle (MITM) attack. SSL certificates are generated by certificate authorities: companies that verify a server’s identity and produce a certificate for a fee.
+            Android has a list of trusted certificate authorities, and will accept any of their certificates for any website.
+            It isn’t supposed to be possible for an organization to acquire an SSL certificate for a domain they do not control, but in practice many governments and large corporations have been able to do so.</p>
+
+        <p>Pinning an SSL certificate tells the browser that only one specific SSL certificate is to be trusted for a particular domain. Any other certificate, even if it is valid, will be rejected.</p>
+
+        <p><img class="center" src="images/ssl_certificate_mismatch.png"></p>
+
+        <p>SSL certificates expire on a specified date, so even pinned SSL certificates will legitimately need to be updated from time to time.
+            As a general rule, pinning SSL certificates probably isn’t needed in the majority of cases.
+            But for those who suspect that powerful organizations may be targeting them, SSL certificate pinning can detect and thwart a MITM attack.</p>
+
+        <p><img class="center" src="images/pinned_ssl_certificate.png"></p>
+
+        <p>SSL certificates can be pinned in Domain Settings.
+            Besides protecting against MITM attacks, pinning a self-signed certificate for a device like a wireless router or access point will remove the error message that is normally presented every time its website is loaded.
+            To view the current website SSL certificate, tap on the favorite icon next to the URL bar.</p>
+    </body>
+</html>
\ No newline at end of file