
>IMO, I think the majority of use cases that people care about with HTTPS are about integrity (i.e. authentication) rather than confidentiality.

I disagree, and so does the IETF: Pervasive Monitoring is an Attack[0].

[0] https://tools.ietf.org/html/rfc7258




But uncle Joe and grandma Margaret don't care about confidentiality. If they did, they wouldn't crab about that shifty Snowden guy, and they would donate to the EFF. They just don't want their Facebook login stolen, or their banking login sold on some forum, or their family photo gallery erased. Confidentiality, for the unfortunate majority of Americans anyway, just isn't a selling point.


>They just don't want their Facebook login stolen, or their banking login sold on some forum, or their family photo gallery erased.

That is confidentiality, no? If login credentials are transmitted in the clear then anybody listening can impersonate them. That's exactly what FireSheep demonstrates.



