I neglected to include the link to the new EFF/Mozilla Certificate
authority initiative.
Launching in 2015: A Certificate Authority to Encrypt the Entire Web
https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web
On 3/25/15 10:08 AM, Mike Liebhold wrote:
HTTPs everywhere is a critically important goal, but as Peter
Eckersley at EFF points out, without best practices for keeping
certificates current, with reliable cert authorities -- the
-assumption- of a secure HTTPs connection can be undermined..
e.g. When encountering an "unrecognized certificate" warning - most
people click through.... potentially connecting to a spoofed
site.... even though it says HTTPs in the url bar.
On 3/24/15 9:06 PM, Tim Bray wrote:
Check out https://https.cio.gov/ - some good clear thinking there in
the write-up.
_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass
_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass
