On 01/05/20 22:00, Rebecca N. Palmer wrote:
On 01/05/2020 20:31, Elmar Stellnberger wrote:
https isnĀ“t any more secure than http as long as you do not have a
verifiably trustworthy server certificate that you can check for. As
we know the certification authority system is totally broken.
Imperfect yes, but still better than nothing.
There is another problem: implementation. Not all the software that
implement HTTPS verify the validity of the certificate and the validity
of all the certification chain.
For example where I work has been invalidated a certificate, but for
mistake the new valid one was not loaded on a https site. With Debian
and Firefox I cannot access that site (I get "the certificate is not
valid" or something similar), but other people, that use another OS, can
access it with internet explorer and chrome, but not with Firefox.
Ciao
Davide
--
Dizionari: http://linguistico.sourceforge.net/wiki
Sistema operativo: http://www.debian.org
GNU/Linux User: 302090: http://counter.li.org
Non autorizzo la memorizzazione del mio indirizzo su outlook
