3 Jul
2017
3 Jul
'17
3:27 p.m.
*** Steve Kinney <admin@pilobilus.net> [2017-07-03 17:30]:
However they are refusing to implement HTTPS arguing that because their .exe are digitally signed with authenticode they are safe https://trac.videolan.org/vlc/ticket/18472 .
Against hostile State actors, HTTPS only provides a false sense of security. If your threat model includes the CIA, reliance on HTTPS is a fundamental error in the "game over" category.
-- Sergey Matveev (http://www.stargrave.org/) OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF