W3C home > Mailing lists > Public > public-webid@w3.org > September 2013

Re: Switch to HTTPS Now, For Free

From: Jonas Smedegaard <dr@jones.dk>
Date: Thu, 26 Sep 2013 10:31:56 +0200
To: Seth Russell <russell.seth@gmail.com>, Melvin Carvalho <melvincarvalho@gmail.com>
Cc: public-webid <public-webid@w3.org>
Message-ID: <20130926083156.4370.72569@bastian.jones.dk>
Quoting Seth Russell (2013-09-26 05:19:20)
> I'm not a security expert,� but this is a bit troubling.� Granted you 
> can hide your web transmissions for unsophisticated prying eyes ... 
> and even cause the little lock to appear ... and do it pretty much 
> free now.� That does sound like a good thing ... and believe me after 
> paying the little big bucks to buy a real certificate commercially 
> every year it sounds really great indeed.� But what troubled me is the 
> certificate ended up telling me that i was visiting some unknown place 
> (Organization� <Not Part Of Certificate>).��� Does this way of 
> certifying actually certify anything to a information consumer?

Yes, it does certify this: Spying on this particular web session of 
yours require either a) very powerful tools, or b) direct access to your 
host or the host at the other end, or c) some interception of just a 
single one of the huge pile of certifiers installed in your system as 
trusted ones.

In short, you have (quite likely) limited surveillance to those with big 
pockets (and helped skew the statistics for the next NSA budget meeting 
to tell that cybercrime is rising - because only criminals have 
something to hide, right?).

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Received on Thursday, 26 September 2013 08:32:27 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:52 UTC