On Mi, 25 mar 20, 12:34:48, G.W. Haywood wrote:
> 3.  HTTPS does NOT make the Web secure.  Not even close.  I'm not sure
> that even the banks still try to peddle that fiction any more.

Are you implying banks should not bother and use plain HTTP instead?

> Any
> criminal can have a free certificate from Letsencrypt.  I have some
> for my own use, renewed automatically every three months by certbot,
> although I'm not a criminal.  If you believe that I'm not a criminal
> then I have this box of money in the garage that I'd like to give to
> you, please just send the shipping charge and your postal address.

As far as I understand HTTPS makes eavesdropping significantly more 
difficult than plain HTTP (which is basically plain text). It's probably 
easier to attack one of the endpoints instead (e.g. via malware on the 
client device used to access the service).

Making sure you are actually communicating with the intended entity is a 
challenge, and not only for HTTPS.

Kind regards,

Attachment: signature.asc
Description: PGP signature

Reply via email to