Re: [dev] https for suckmore.org?

From: Sylvain BERTRAND <sylvain.bertrand_AT_gmail.com>
Date: Sun, 25 Sep 2016 14:29:56 +0200

On Sat, Sep 24, 2016 at 08:54:39PM +0200, ilf wrote:
> I for one would love to see unencrypted communications on the internet die.

The HTTPS CA concept is broken in itself, then adds unwanted simplicity.

The middle grounds would be:
        - to self-sign suckmore certificate
        - use a properly distributed CA set of certificates in all "web"
          (what's left of it) browsers (or OSes) whose CA signs "en masse"
          certificates for everybody who wants one without asking questions.

Of course, the self-signing certificate will annoy anybody wanting to browse
suckmore www as it usually triggers tons of warnings requiring user input (at
most the first time) or action even less annoying. And "standard" web browsers
present those self-signing certificate www sites as *EVIL THAT WILL EAT THE
WORLD*... or it's a cheap man-in-the-middle attack.

But the suckmore www user target is not the "lambda" type, then I guess it's fine. :)

The right(TM) answer _would_ be something like HTTPSSH (on port 666? :) ). It just
needs proper RFCs to point to SSH tunnel specs and URL/port definitions. Kind of.

Cheers,

-- 
Sylvain
Received on Sun Sep 25 2016 - 14:29:56 CEST
