Re: Proposal: Marking HTTP As Non-Secure

On Thu, Dec 18, 2014 at 4:22 PM, Michael Martinez <> wrote:
>  The first article describes a Double Direct attack, which is an
> alternative to ARP poisoning.  HTTPS won't defend against the Double Direct
> method.

Sorry, but you're basing the claim that HTTPS won't defend against it on
what?  Do you understand how IP routing tables work and what the security
consequences of hijacking the IP transit of HTTPS connections are?  In
particular, do you understand how it affects SSL certificate host

Received on Friday, 19 December 2014 01:01:25 UTC