[HTTPS-Everywhere] fyi/fwiw: discussion on TLS@ list wrt Ivan Ristic's SSL/TLS survey (was: RE: https-everywhere)
Seth David Schoen
schoen at eff.org
Thu Jul 1 10:48:57 PDT 2010
Hodges, Jeff writes:
> fyi/fwiw, I don't know if you guys monitor the tls at ietfc.org list or not, but an interesting thread wrt Ivan Ristic's SSL/TLS survey has erupted there yesterday/today..
>
> [TLS] Eleven out of every ten SSL certs aren't valid
> http://www.ietf.org/mail-archive/web/tls/current/msg06475.html
Yeah, I've already replied twice in that thread, including once to your
post about STS. I hope the mailing list subscribers don't mind these
high-level discussions alongside the lower-level protocol discussions.
Right now I'm trying to work on an off-line note to you and AGL about
how fear of network administrators will discourage some sites that
support HTTPS from turning on STS. I've been thinking about that issue
a lot this past week.
--
Seth Schoen
Senior Staff Technologist schoen at eff.org
Electronic Frontier Foundation https://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the HTTPS-everywhere
mailing list