Re: Fwd (TAG): Draft finding - "Transitioning the Web to HTTPS"

Eric J. Bowman wrote:
> 
> >
> > I encourage you to read more about cryptography and cryptographic
> > network protocols, and to try your hand at subverting HTTP and HTTPS
> > traffic (on your own systems and networks only, of course). I think
> > you'll find that the available security guarantees and
> > non-guarantees of HTTP and of HTTPS are very different from what
> > you have expressed in this thread.
> > 
> 
> Thanks, but I don't think you've understood what it is I'm trying to
> express.
> 

Particularly, Superfish illustrates that the guarantees and non-
guarantees of HTTP and HTTPS are *exactly* what I tried to express in
this thread.

Yes, I know. You're above this list now, or at least until March 30,
while you write a book on Web security. Let's just say I'm not pre-
ordering.

-Eric

Received on Monday, 23 February 2015 02:34:12 UTC