Brad Ideas
Crazy ideas, inventions, essays and links from Brad Templeton
Brad IdeasCrazy ideas, inventions, essays and links from Brad Templeton |
|
|
|
NavigationUser loginIf you like this blog, do me a favour and start your Amazon shopping (especially a kindle) from this link, and I'll get a cut. Recent comments
Top EssaysRecent blog posts
BlogrollFellow EFF Folks
Cory Doctorow Larry Lessig Ed Felten Dave Farber John Perry Barlow EFF Deep Links Dave Sifry Syndicate |
Yes, SSL is better
But as I noted, there are many different levels of solution, and one that forces all sites that take passwords to go to SSL is quite a high level of change. You can't thrust that on the net all at once.
If you're going to go to that level, requiring changes at half the sites on the net, you might as well do a number of better changes. And are you going to force every site to buy an "official" cert? Or will there be free certs, or self-signed certs? If you make self-signed certs the norm, you are losing the benefits of authentication because now people don't notice them. Self-signed certs are useful, for starting up encryption and internal use, but they provide no auth the first time.