Fwd: [Cryptography] Shaming sites that send sensitive information over HTTP - cypherpunks - lists.cpunks.org

newer
Re: [Dailydave] Protecting your...

Fwd: [Cryptography] Shaming sites that send sensitive information over HTTP

older
Re: [cryptography] RC4 is...

grarpamp

19 Sep 2014 19 Sep '14

8:10 p.m.

---------- Forwarded message ---------- From: Jerry Leichter Date: Fri, Sep 19, 2014 at 12:03 PM To: Cryptography My favorite: The NSA's web site *redirects HTTPS to HTTP*. Some kind of back-handed acknowledgement of what they do? http://httpshaming.tumblr.com

Reply

Sign in to reply online Use email software

Show replies by date

Peter Gutmann

19 Sep 19 Sep

10:58 p.m.

grarpamp forwarded:

My favorite: The NSA's web site *redirects HTTPS to HTTP*. Some kind of back-handed acknowledgement of what they do?

My guess is that it's politically-motivated, if you're the NSA would you want to buy your certs from a commercial CA, and if you're a commercial CA would you want to be known as the supplier of trusted certs to the NSA? Peter.

Reply

Sign in to reply online Use email software

staticsafe

20 Sep 20 Sep

12:52 a.m.

On 9/19/2014 18:58, Peter Gutmann wrote:

grarpamp forwarded:

...
My favorite: The NSA's web site *redirects HTTPS to HTTP*. Some kind of back-handed acknowledgement of what they do?

My guess is that it's politically-motivated, if you're the NSA would you want to buy your certs from a commercial CA, and if you're a commercial CA would you want to be known as the supplier of trusted certs to the NSA?

Peter.

When I go to www.nsa.gov, I do not get a redirect to HTTP. HTTPS with a cert provided by GeoTrust is what I get. -- staticsafe https://staticsafe.ca

Reply

Sign in to reply online Use email software

coderman

22 Sep 22 Sep

3:11 a.m.

On 9/19/14, staticsafe wrote:

... When I go to www.nsa.gov, I do not get a redirect to HTTP. HTTPS with a cert provided by GeoTrust is what I get.

well, at least we know they're listening to customer feedback! ;) [this did indeed change in the interim period, due to server side configuration.]

Reply

Sign in to reply online Use email software

3650

Age (days ago)

3653

Last active (days ago)

Download

3 comments

4 participants

tags

participants (4)

coderman
grarpamp
Peter Gutmann
staticsafe