Hacker News new | ask | show | jobs
by notatoad 3933 days ago
But that's nothing new. If you need real trust, you need EV. The win from LetsEncrypt and any other attempt to make SSL more mainstream is the encryption, not the trust. If you're using SSL you're protected from some government and ISP snooping, and from having the contents of your message or webpage altered in mid-stream by a nefarious third party like AT&T.
3 comments
mahouse 3933 days ago
Of course it's new. It's new since there are free certificates. Before, you had to pay, always. The amount was irrelevant, but you had to show your credit card. You had to prove your identity. That's a whole new felony there: stolen ID, carding, etc.
link
notatoad 3933 days ago
You had to have a credit card, but there was never any matching of the credit card name to the cert. Nobody is going to stop you from buying a cert for my domain with a prepaid credit card.
link
wtetzner 3933 days ago
I don't see how it's a whole new felony. You could use your own credit card, and still convince the CA you own a domain that you don't.
link
Vespasian 3933 days ago
Protected from criminals or from the ISP snooping, yes (with a certain confidence), protected from the government (any government really) snooping most likely no. If not through their own ca (just find the one controlled by your local government. High chances there is at least one in default ca stores) than always by obtaining a warrant and requiring the website in question to share information.
link
pjzedalis 3933 days ago
I think people are making too big of a deal of SSL. So what if my browser connection to Target or Home Depot is encrypted?
link
gboss 3933 days ago
Well it's possible and reasonable that you don't want to have what products your browsing to be snooped on by some sort of MITM attack. While probably not from MITM snooping, Target found out a teenage girl was pregnant before her own parents, and sent her parent's address Diaper and Baby advertisements: http://www.forbes.com/sites/kashmirhill/2012/02/16/how-targe...
link
pjzedalis 3933 days ago
My point is all this work and it's only a small part of the equation.
link
cpach 3933 days ago
Would you really want you credit card details to be sent in plaintext?
link