Re: Fwd: [Cryptography] Shaming sites that send sensitive information over HTTP

On 9/19/2014 18:58, Peter Gutmann wrote:

grarpamp forwarded:

...

My favorite: The NSA's web site *redirects HTTPS to HTTP*. Some kind of back-handed acknowledgement of what they do?

My guess is that it's politically-motivated, if you're the NSA would you want to buy your certs from a commercial CA, and if you're a commercial CA would you want to be known as the supplier of trusted certs to the NSA?

Peter.

When I go to www.nsa.gov, I do not get a redirect to HTTP. HTTPS with a cert provided by GeoTrust is what I get. -- staticsafe https://staticsafe.ca