On Mi, 25 mar 20, 12:34:48, G.W. Haywood wrote: > > 3. HTTPS does NOT make the Web secure. Not even close. I'm not sure > that even the banks still try to peddle that fiction any more.
Are you implying banks should not bother and use plain HTTP instead? > Any > criminal can have a free certificate from Letsencrypt. I have some > for my own use, renewed automatically every three months by certbot, > although I'm not a criminal. If you believe that I'm not a criminal > then I have this box of money in the garage that I'd like to give to > you, please just send the shipping charge and your postal address. As far as I understand HTTPS makes eavesdropping significantly more difficult than plain HTTP (which is basically plain text). It's probably easier to attack one of the endpoints instead (e.g. via malware on the client device used to access the service). Making sure you are actually communicating with the intended entity is a challenge, and not only for HTTPS. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser
Description: PGP signature