[Cryptography] How to convince web site to use HTTPS ?

John Levine johnl at iecc.com
Sat Aug 3 22:11:43 EDT 2019

In article <6f6c0ae7d40dc2c08dd56b37eac7016d.squirrel at clueserver.org> you write:
>> Obviously: set up a wifi hotspot with a MITM and demonstrate to them how
>> easy it is to intercept login credentials.  Start your patter with,
>> “Imagine you’re in an airport or a hotel…"
>Insert ads. Modify pictures. Change the name of the CEO to "Dave Null".
>Insert autoplay sounds with fingernails on a chalkboard.

This is overclever.  I expect that the response of the people who
don't want to use https would be that we're a tiny little site,
nobody's going to all that effort just to hack us.  And they would be

I think the point that many browsers say NOT SECURE and are planning
to say worse is likely to be more persuasive.  I also agree with the
comment that he should figure out what the problem really is, wrong
assumptions about cost (a remarkable number of people still believe
that SSL certs cost $100), somnolent web developers, or whatever.


More information about the cryptography mailing list