Flutterby™! : Broken Browsers

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

Broken Browsers

2009-05-29 22:07:09.163978+00 by Dan Lyke 2 comments

Dreamhost: Broken Browsers Part Two, a little musing on HTTP over SSL and why HTTPS certs are badly broken:

Nowadays, buying a secure certificate is an entirely automated process: one that only requires you to have access to an email address @ the domain you’re buying the certificate for. All a secure certificate is telling you nowadays is that:

  • Your data was encrypted between the browser and the server.
  • The owner of the domain you are connecting to dished out $100 to some authority “trusted” by the browser!

Yeah, I noticed the silliness of which domains Firefox trusts, and the brokenness of changing the certificate authorities, recently when I was getting massive security warnings while browsing some subset of the FAA's site.

Hat tip to Hanan Cohen.

[ related topics: Weblogs Cryptography ]

comments in ascending chronological order (reverse):

#Comment Re: made: 2009-06-01 14:30:16.585046+00 by: Mark A. Hershberger

except, certs cost <$20 from GoDaddy.

#Comment Re: made: 2009-06-01 14:41:28.870815+00 by: Dan Lyke

Or, now, from Dreamhost too. So a cert now means you can pay for a domain name, which means that we need a new browser UI to better rank and assess CAs.