[HTTPS-Everywhere] a limitation of HTTPS
Micah Lee
micah at eff.org
Wed Aug 28 14:29:08 PDT 2013
On 06/21/2013 03:32 PM, Michael Horowitz wrote:
> Just an FYI. Without Perfect Forward Secrecy, HTTPS may not offer much protection from NSA spying.
>
> Perfect Forward Secrecy can block the NSA from secure web pages, but no one uses it
>
> http://blogs.computerworld.com/encryption/22366/can-nsa-see-through-encrypted-web-pages-maybe-so
>
> Michael Horowitz
EFF is working on promoting PFS and trying to get more websites to start
using it.
However, even without PFS I still think HTTPS is much, much better than
nothing. Without PFS, NSA still needs the SSL keys from target websites
to spy on HTTPS users, which they may or may not be able to get for any
specific website. However without HTTPS at all NSA can and does spy on
everything it can see.
--
Micah Lee
Staff Technologist
Electronic Frontier Foundation
https://eff.org/join
@micahflee
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20130828/6edf16ae/attachment.sig>
More information about the HTTPS-everywhere
mailing list