On 3/12/19, Achim Gratz wrote: > Lee writes: >> I don't think it's a false sense of security. https:// isn't "safe" >> but it is _safer_ than http:// > > Unless you are in an environment where an extra root cert is injected > just to be able to break up the encrypted connection. Which is a lot > more common than people think and is not quite as easy to check for as > some folks make it out.
Right - checking the web-site cert on every site gets old fast. Which is why I liked the firefox cert patrol addon reminding me $WORK had their "data loss protection" screening in action. But even with the security office being able to snoop or modify every one of my https:// connections, it's just the security office people, so it still seems safer using tls than clear-text connections. Regards, Lee -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple