Hmm? SSS/TLS has never signed the content of a website. It only authenticates
temporary symmetric encryption keys which
are used to encrypt (not sign) the contents.
Aw, come on. Web servers send a certificate at the beginning of the
transaction. If I cared, it would take about 10 seconds to do wgets and
save the certificate.
Technically, you're right that the cert doesn't sign the contents, but
this is a distinction only someone deep into cyperpunk silliness cares
about.
R's,
John
On 7/11/20 2:50 PM, John Levine wrote:
In article <22b8aa44-cab8-4467-a18b-ee463997c...@as397444.net> you write:
As for use-case, I don’t find it strange that folks may not want to
cryptographically sign all
their mail without any option to turn that off.
They put up with it on their web sites.
This still impresses me as a customer not worth the hassle.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
