Re: Draft finding - "Transitioning the Web to HTTPS"

>> Please stop saying we are steadily under attack. We are not.
> My understanding is that yes, indeed, we are: <>

I'm afraid that our current efforts is not going to stop these efforts…
Also, many people seem to accept that governments' listening is not as much of an attack bothering as hackers' listening.

>> And in many many many cases in common use on the web, we do not care if
>> we would be.
> Yes, in many cases. In many other cases, we however do.
> I'm also not a fan of the "everything must be encrypted *and* authenticated" approach, when "encrypt as much as you can" would solve many of these problems as well, without introducing these other problems we've been discussing here. But pretending that there is no problem that needs to be solved doesn't help either.

I hope I was not expressing this.
What I ways expressing is that the choice should be possible.
Currently, choosing self-signed-certs is deadly for uninformed users to see your website. It is not a choice.


Received on Monday, 19 January 2015 22:24:20 UTC