John's point about SSL (TLS) was with regards to the CA system I think (he would be able to confirm/deny this in a suitable piece of Haiku). The CA System requires you to trust some of the world's largest (and US based) corporations not to share Certificate private keys with TLA's or the highest bidders. How could it possibly go wrong :D On 08/10/15 07:12, Cathal (Phone) wrote:
Everything John says is weird, and he's shown a wilful disregard for even the most basic forms of visitor security all along, from initially refusing SSL onwards. This is *entirely* in character for the caricature-JY I know through this list.
On 8 October 2015 07:05:51 IST, Georgi Guninski <guninski@guninski.com> wrote:
John's replies appear weird to me.
Don't exclude the possibility the web server to be compromised (and likely all John's boxen, he had some troubles with PGP keys) and someone included the alleged logs on purpose.
Recently read leaked presentation that TLAs use such operations.