Re: [dev] Surf assumes all SSL connections are good, which is bad

From: Antoni Grzymala <antoni_AT_chopin.edu.pl>
Date: Wed, 10 Feb 2010 01:05:33 +0100

On Tue, 9 Feb 2010 18:56:39 -0500, Kurt H Maier <karmaflux_AT_gmail.com>
wrote:
> On Tue, Feb 9, 2010 at 6:09 PM, Chris Palmer <chris_AT_noncombatant.org>
> wrote:
>> Letting people believe that any SSL connection is good is actually
worse
>> than nothing, because it creates a false sense of security.
>>
>> I have serious qualms about depending on CAs (the false sense of
security
>> they engender is even more of a problem, I'd argue!),
>
> stop trying to fix social problems with code
>
> SSL can do two things:
>
> 1) provide site-to-site encryption
> 2) make a lot of money for cert-signing organizations

A man-in-the-middle attack is not a social problem. If site-to-site is not
site-to-*intended*-site then your point 1) is moot. Thank you very much.
Received on Wed Feb 10 2010 - 00:05:33 UTC

This archive was generated by hypermail 2.2.0 : Wed Feb 10 2010 - 00:12:01 UTC