On Wed, May 25, 2016 at 10:13 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote: > Richard Z <r...@linux-m68k.org> writes: > >>If any criminal can easily get EV certificates what is the point of https? > > The point of HTTPS is twofold: > > 1. Convince users that the Internet is safe to do business on (financial > transfers, medical data). > > 2. Provide a steady revenue stream for CAs. > > There's also something about privacy from NSA snooping, but that's a recent > thing, and mostly only geeks care about it. In addition depending on how > paranoid the geeks are, HTTPS may not provide the privacy they want). > > Finally, point 1 doesn't really need HTTPS, you could just slap a padlock > into the UI and not bother with encryption. So it's mostly point 2. > > Peter.
Peter, This seems both off-topic and not productively addressing the topic at hand. Further, your statements are a direct suggestion that Mozilla Foundation does not adhere to its Manifesto or its principles - https://www.mozilla.org/en-US/about/manifesto/ - and if that's your position, perhaps you should take that conversation up directly with Mozilla governance, rather than suggesting it as factual. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
