
<div dir="ltr"><div class="gmail_default" style="font-family:garamond,serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-03-23 7:09 GMT+01:00 Danny Mitchell <span dir="ltr"><<a href="mailto:fishcustard@gmail.com" target="_blank">fishcustard@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">I find it somewhat curious that so many on this list seem to rely on<br>

SSL/TLS for security. An article in the German daily Der Speigel from<br>

19 December last year<br>

(<a href="http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html" target="_blank">http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html</a><br>

(in English)) quotes NSA documents leaked by Snowden that https<br>

connections are "anything but secure".<br>

<br>

<quote><br>

Even more vulnerable than VPN systems are the supposedly secure<br>

connections ordinary Internet users must rely on all the time for Web<br>

applications like financial services, e-commerce or accessing webmail<br>

accounts. ... The "s" stands for "secure". The problem is that there<br>

isn't really anything secure about them. The NSA and its allies<br>

routinely intercept such connections -- by the millions. According to<br>

an NSA document, the agency intended to crack 10 million intercepted<br>

https connections a day by late 2012.<br>

</quote><br></blockquote><div><br></div><div><div class="gmail_default" style="font-family:garamond,serif">I couldn't agree more. Here is a bit of a rant I wrote a few months back in response to some</div><div class="gmail_default" style="font-family:garamond,serif">of the undue praise that the 'HTTPS Everywhere' idea was getting:</div><div class="gmail_default" style="font-family:garamond,serif"><br></div><div class="gmail_default" style="font-family:garamond,serif"><a href="https://minorfs.wordpress.com/2015/01/07/why-https-everywhere-is-a-horrible-idea-for-now/">https://minorfs.wordpress.com/2015/01/07/why-https-everywhere-is-a-horrible-idea-for-now/</a></div><br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

<div class=""><div class="h5">________________________<span style="color:rgb(34,34,34)"> </span></div></div></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class=""><div class="h5">_______________________<br>

The cryptography mailing list<br>

<a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a><br>

<a href="http://www.metzdowd.com/mailman/listinfo/cryptography" target="_blank">http://www.metzdowd.com/mailman/listinfo/cryptography</a><br>

</div></div></blockquote></div><br></div></div>