Re: Switch to HTTPS Now, For Free

From: Seth Russell <russell.seth@gmail.com>
Date: Thu, 26 Sep 2013 07:51:54 -0700
Message-ID: <CACfYUR7sU47Q5DGCz81nbg_7LJAAyU5T6z_kCWkPmz2ojc4C3A@mail.gmail.com>
To: Jonas Smedegaard <dr@jones.dk>
Cc: Melvin Carvalho <melvincarvalho@gmail.com>, public-webid <public-webid@w3.org>
I think you missed the point. How does the client know to whom they
talk? The <Organization> should be filled in on these certificates.
Certificate authorities are supposed to require verifiable bona fides from
those to whom they issue certificates. That's what we pay for. Now I
certainly acknowledge that doesn't really make the net more trustworthy ...
but that is what it was supposed to accomplish. Do we now need to
acknowledge that the Emperor has no clothes? How about ICANN issuing
these certificates free - just fill out the form - no questions asked - no
bona fides at all needed or asked for.

seth

the #toothlessfoodie <https://plus.google.com/s/%23toothlessfoodie>
Facebook: facebook.com/russell.seth
Blog: fastblogit.com/seth/
Talking products: www.speaktomecatalog.com


On Thu, Sep 26, 2013 at 1:31 AM, Jonas Smedegaard <dr@jones.dk> wrote:

> Quoting Seth Russell (2013-09-26 05:19:20)
> > I'm not a security expert, but this is a bit troubling. Granted you
> > can hide your web transmissions for unsophisticated prying eyes ...
> > and even cause the little lock to appear ... and do it pretty much
> > free now. That does sound like a good thing ... and believe me after
> > paying the little big bucks to buy a real certificate commercially
> > every year it sounds really great indeed. But what troubled me is the
> > certificate ended up telling me that I was visiting some unknown place
> > (Organization <Not Part Of Certificate>). Does this way of
> > certifying actually certify anything to an information consumer?
>
> Yes, it does certify this: Spying on this particular web session of
> yours requires either a) very powerful tools, or b) direct access to your
> host or the host at the other end, or c) some interception of just a
> single one of the huge pile of certifiers installed in your system as
> trusted ones.
>
> In short, you have (quite likely) limited surveillance to those with big
> pockets (and helped skew the statistics for the next NSA budget meeting
> to tell that cybercrime is rising - because only criminals have
> something to hide, right?).
>
>  - Jonas
>
> --
>  * Jonas Smedegaard - idealist & Internet-arkitekt
>  * Tlf.: +45 40843136  Website: http://dr.jones.dk/
>
>  [x] quote me freely  [ ] ask before reusing  [ ] keep private
>
Received on Thursday, 26 September 2013 14:53:06 UTC