[Cryptography] [cryptography] STARTTLS for HTTP
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Aug 20 01:12:41 EDT 2014
Jerry Leichter <leichter at lrw.com> writes:
>Ah, that famous "false sense of security". Justifying not doing anything -
>because we can't do the absolute best - since, what, 1985 or so?
Since 1772 at least (Voltaire, "La Bégueule").
>As always, specifying (a) what attacks you need to defend against; (b) how
>much you're willing to pay; is essential. For most people, (b) is "not very
>much" (where the payment will be in inconvenience). For most people, the most
>likely attack is "none at all"; the second most likely attack is "passive
>listening". Active MITM is way down there. Opportunistic encryption is much
>better than what they would otherwise have, which is nothing at all.
+1.
Peter.