Ian G wrote:
In practice, sites see HTTPS as a cost, and a barrier. It doesn't
provide any protection that they *need* although this might be
less true in the future and for big sites.
So, you're saying they don't need encryption, they don't need authentication, they don't need validation, and (I gather) they think their users don't need those things either.
So, why do they bother with https at all? If it's so much bother, and not offering any protections they need, why do they bother? Are they stupid?
-- Nelson B _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
