On Sun, Apr 15, 2012 at 4:51 PM, Manu Sporny <msporny@digitalbazaar.com>wrote: > On 04/15/2012 01:29 PM, Fabio Barone wrote: > >> Someone (apparently crypto expert) commented like this: >> >> "This is a step in the right direction, but there is a problem: it >> uses https". >> > > What is it about HTTPS that is problematic? > It is my understanding (I am not an expert) that HTTPS is effective against protecting communications on the wire from getting sniffed, and nothing else. The HTTPS certificate registration infrastructure is concerned with mitigating MITM attacks, and nothing else. Using either one of these tools to do any more than those two things is therefore inappropriate, no matter how well the application actually works or how secure, efficient or reliable it is. Now, back to confidently holding forth about things I am not an expert on in other domains...
Received on Monday, 16 April 2012 20:19:49 UTC