On Thu, 7 Jun 2018, J.B. Nicholson wrote:
> George wrote:
>> Why can't we have both? I mean the software is in the public domain,
>> there is nothing to hide, so what's the point of encrypting the site?
>
> ISPs and other intermediaries alter website traffic between the server and
> the client. The purpose of their alterations is irrelevant, you should get
> the data the server is trying to send you. You can never be sure if what
> you're getting is what the server tried to send you if you're getting that
> data over HTTP instead of HTTPS.

Unfortunately, the ISP can also spoof HTTPS unless the server
certificate is constructed perfectly, and the client confirms the
server certificate perfectly.

DNS as commonly used is easily spoofed by an ISP so different (ISP) IP
addresses can be returned for a given fully-qualified host name. The
ISP can intercept the HTTPS connection and produce a new HTTPS
connection to the remote server.

Many HTTPS clients have been found to be doing wrong things.

Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
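
Added example, not part of the original message or of any project mentioned in it: a small audit of a Python `ssl.SSLContext` for the two client-side checks the reply above depends on, chain verification and host name matching. The function and context names are hypothetical, and the three contexts are constructed here for illustration.

```python
import ssl


def audit_client_context(ctx):
    """List the ways this client-side SSLContext would accept an interposed server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain not verified: any certificate, even self-signed, is accepted")
    if not ctx.check_hostname:
        findings.append("name not checked: a valid certificate for another host is accepted")
    return findings


def strict_context():
    # Library defaults: verify the chain against system CAs and match the host name.
    return ssl.create_default_context()


def chain_only_context():
    # Constructed weak case: chain is verified, but the name in the certificate is not.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_default_certs()
    ctx.check_hostname = False
    return ctx


def unverified_context():
    # Constructed weak case: the common "make the certificate error go away" setup.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    cases = [
        ("strict", strict_context),
        ("chain only", chain_only_context),
        ("unverified", unverified_context),
    ]
    for label, make in cases:
        findings = audit_client_context(make())
        print(label + ":", "; ".join(findings) if findings else "ok")
```

A context that passes both checks still trusts every CA in the system store, so this audit covers client misconfiguration only, not a mis-issued certificate.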