HTTPs everywhere is a critically important goal, but as Peter Eckersley
at EFF points out, without best practices for keeping certificates
current, with reliable cert authorities -- the -assumption- of a
secure HTTPs connection can be undermined..
e.g. When encountering an "unrecognized certificate" warning - most
people click through.... potentially connecting to a spoofed site....
even though it says HTTPs in the url bar.
On 3/24/15 9:06 PM, Tim Bray wrote:
Check out https://https.cio.gov/ - some good clear thinking there in
the write-up.
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
