On Thursday 26 May 2016 05:13:43 Peter Gutmann wrote: > Richard Z <r...@linux-m68k.org> writes: > >If any criminal can easily get EV certificates what is the point of > >https? > The point of HTTPS is twofold: > > 1. Convince users that the Internet is safe to do business on > (financial transfers, medical data). > > 2. Provide a steady revenue stream for CAs. > > There's also something about privacy from NSA snooping, but that's a > recent thing, and mostly only geeks care about it. In addition > depending on how paranoid the geeks are, HTTPS may not provide the > privacy they want).
people don't care only if you are asking the wrong questions[1], if you frame the question in the way they do understand, they do care: https://www.youtube.com/watch?v=XEVlyP4_11M 1 - https://www.youtube.com/watch?v=G0ZZJXw4MTA > Finally, point 1 doesn't really need HTTPS, you could just slap a > padlock into the UI and not bother with encryption. So it's mostly > point 2. I don't think that this level of cynicism is helping... -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
