Hacker News
by Steeeve 3453 days ago
1. Key pinning wasn't part of this policy, and regardless, implementations are few and doing it correctly is problematic at best.

2. Certificate transparency is not implemented in all clients (and won't be).

3. I do understand the 2 foot high fence, and I've re-iterated repeatedly that I don't believe that TLS is a bad idea or that it provides no benefits. My original comment was meant to point out that a blanket "https everywhere" policy for the federal government is a bad idea.

4. Malicious or friendly routers can MITM. Would you go to DEF CON, attach to an unknown Wi-Fi source, and pass your banking credentials?