Broken Browsers
2009-05-30 00:07:09.163978+02 by
Dan Lyke
2 comments
Dreamhost: Broken Browsers Part Two, a little musing on HTTP over SSL and why HTTPS certs are badly broken:
Nowadays, buying a secure certificate is an entirely automated
process: one that only requires you to have access to an email address @ the
domain you’re buying the certificate for. All a secure certificate is
telling you nowadays is that:
- Your data was encrypted
between the browser and the server.
- The owner of the domain you are
connecting to dished out $100 to some authority “trusted”
by the browser!
Yeah, I noticed the silliness of which domains Firefox trusts, and the brokenness of changing the certificate authorities, recently when I was getting massive security warnings while browsing some subset of the FAA's site.
Hat tip to Hanan Cohen.
[ related topics:
Weblogs Cryptography
]
comments in ascending chronological order (reverse):
#Comment Re: made: 2009-06-01 16:30:16.585046+02 by:
Mark A. Hershberger
except, certs cost <$20 from GoDaddy.
#Comment Re: made: 2009-06-01 16:41:28.870815+02 by:
Dan Lyke
Or, now, from Dreamhost too. So a cert now means you can pay for a domain name, which means that we need a new browser UI to better rank and assess CAs.
We will not edit your comments. However, we may delete your
comments, or cause them to be hidden behind another link, if we feel
they detract from the conversation. Commercial plugs are fine,
if they are relevant to the conversation, and if you don't
try to pretend to be a consumer. Annoying endorsements will be deleted
if you're lucky, if you're not a whole bunch of people smarter and
more articulate than you will ridicule you, and we will leave
such ridicule in place.