Rich Freeman via plug on 11 Aug 2020 14:54:25 -0700


Re: [PLUG] news


On Tue, Aug 11, 2020 at 4:39 PM Charlie Li via plug
<plug@lists.phillylinux.org> wrote:
>
> Rich Freeman via plug wrote:
> > I'm talking about everybody on this list who lives in the USA, where
> > nobody blocks SSL.
> >
> > Look, if you want you can come up with a bazillion edge cases where it
> > doesn't make sense to use SSL, that altogether account for 0.1% of the
> > traffic most of us deal with.  If you want I can join in.  It doesn't
> > change my point.
> >
> Edge cases are not really edge cases. There are certain North American
> ISPs who would love to (and in at least one case, already have) pull
> some shady shit, but especially on HTTPS.
>

Well, they're not going to block https since they'd break half the
internet.  They could play certificate games and MITM things.
However:

1.  You're still protected from passive eavesdropping by parties OTHER
than your ISP.  MITM requires an active attack, which is a constraint
on an attacker - a significant one since it increases their risk of
detection and gives you a chance of detecting it yourself.
2.  As I've already said, I'm hardly a fan of X.509 as it is
implemented today.  It is just less worse than not using it at all.

I'm not saying browser SSL is the final word in security.  I just
think it is a better default starting point than unencrypted http.

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug