lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] TLS-"transport layer security" & LYNX

From: David Niklas
Subject: Re: [Lynx-dev] TLS-"transport layer security" & LYNX
Date: Sun, 29 Jul 2018 11:31:27 -0400 
On Sat, 28 Jul 2018 11:53:59 -0400 (EDT)
Mouse <address@hidden> wrote:
> >>> [...] webservers that refuse to serve anything over HTTP except a
> >>> redirect to HTTPS.  
> >> They are just following an industry trend orchestrated by Google.
> >> [...]
> >> It's difficult to get a good explanation for the policy, [...]  
> > The reason that https is being mandated is so that everyone has
> > protection from the NSA and other governments and companies  
> 
> _That_ protection was blown when the first wildcard cert was issued -
> or, if you think of it another way, when support for wildcard certs was
> implemented.
<snip>

If I own example.com and I get a cert for *.example.com how is that
insecure?
I've read things like what you've wrote above before and there is always
that little detail missing...

> > manipulating connections, blocking connections that are deemed
> > "unwanted / illegal / etc.", and spying on user agents.  
> 
> That's all very well, and I'm glad it's available.  My beef is with
> webservers imposing it on clients, rather than letting clients choose.

The idea is that if the webserver does not impose it the client will not
get the choice because of the gov./etc., thus the choice is imposed on all
for those whose clients would not get the choice.

It is a trade off.

"The needs of the few outweigh the needs of the many." -- Star Trek, when
Spock's logic got reversed to justify saving his life.

Sincerely,
David
reply via email to
[Prev in Thread] Current Thread [Next in Thread]