[HTTPS-Everywhere] CA requirement
Drake, Brian
brian at drakefamily.tk
Fri May 31 08:33:49 PDT 2013
As I understand it, the priority with HTTPS Everywhere is to not break
anything. No security warnings, no domains that don’t support HTTPS, no
resources that don’t work properly over HTTPS. They’ll do this even if it
means pages are partially or entirely served over HTTP.
Having a CA’s signature might not make a certificate any better or the site
any more secure, but people think it does. Self signed certificates look
broken. And, in a sense, they ARE broken, in the sense that users have to
take special action to make them work, instead of just browsing using HTTP
the usual way (just because a site supports HTTPS doesn’t mean that
security is always important).
--
Brian Drake
All content created by me:
Copyright<http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html>©
2013 Brian Drake. All rights reserved.
On Fri, May 24, 2013 at 0738 (UTC), oneofthem <oneofthem at lavabit.com> wrote:
> Why doesn't https everywhere include sites that use self signed certs?
> Its not like having a CA signed cert makes a site more secure.
>
>
> _______________________________________________
> HTTPS-everywhere mailing list
> HTTPS-everywhere at mail1.eff.org
> https://mail1.eff.org/mailman/listinfo/https-everywhere
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20130531/c63264e0/attachment.html>
More information about the HTTPS-everywhere
mailing list