Re: HTTP/2 and Pervasive Monitoring

On 8/15/14, 7:25 PM, Roland Zink wrote:
> Don't think that a valid cert really helps here although it may give a
> hint about who is responsible.

We don't have causality, but we do have data.  And so one man's
conjecture is as good as the next's.  Here's mine: the majority of
illicit servers are actually running on hacked systems and the data is
being served off a simple HTTP server, where no warning is produced.  It
costs money to get a cert for that system, which doesn't actually buy
the miscreant anything.


Received on Friday, 15 August 2014 19:41:55 UTC