|
|
|
|
|
|
by CiPHPerCoder
2893 days ago
|
|
|
> With regards to malicious ISPs MITMing their users: they kinda control your DNS requests, so good luck with that. HTTPS security doesn't depend on DNS. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Ex... Please keep in mind: I do app security for a living. > An ISP can always inject into the HTTP -> HTTPS redirection, and serve HTTP right there and then. ...they said, in a thread about a popular browser marking HTTP insecure. Do you really think HTTPS-by-default is out of the question in the future, especially if adoption rates exceed 99%? |
|
|