Fwd: [Cryptography] Shaming sites that send sensitive information over HTTP - cypherpunks - lists.cpunks.org

newer
Re: [Dailydave] Protecting your...

Fwd: [Cryptography] Shaming sites that send sensitive information over HTTP

older
Re: [cryptography] RC4 is...

grarpamp

19 Sep 2014 19 Sep '14

8:10 p.m.

---------- Forwarded message ---------- From: Jerry Leichter <leichter@lrw.com> Date: Fri, Sep 19, 2014 at 12:03 PM To: Cryptography <cryptography@metzdowd.com> My favorite: The NSA's web site *redirects HTTPS to HTTP*. Some kind of back-handed acknowledgement of what they do? http://httpshaming.tumblr.com

Reply

Sign in to reply online Use email software

Show replies by date

Peter Gutmann

19 Sep 19 Sep

10:58 p.m.

grarpamp <grarpamp@gmail.com> forwarded:

My favorite: The NSA's web site *redirects HTTPS to HTTP*. Some kind of back-handed acknowledgement of what they do?

My guess is that it's politically-motivated, if you're the NSA would you want to buy your certs from a commercial CA, and if you're a commercial CA would you want to be known as the supplier of trusted certs to the NSA? Peter.

Reply

Sign in to reply online Use email software

staticsafe

20 Sep 20 Sep

12:52 a.m.

On 9/19/2014 18:58, Peter Gutmann wrote:

When I go to www.nsa.gov, I do not get a redirect to HTTP. HTTPS with a cert provided by GeoTrust is what I get. -- staticsafe https://staticsafe.ca

Reply

Sign in to reply online Use email software

coderman

22 Sep 22 Sep

3:11 a.m.

On 9/19/14, staticsafe <me@staticsafe.ca> wrote:

well, at least we know they're listening to customer feedback! ;) [this did indeed change in the interim period, due to server side configuration.]

Reply

Sign in to reply online Use email software

3849

Age (days ago)

3852

Last active (days ago)

Download

3 comments

4 participants

tags

participants (4)

coderman
grarpamp
Peter Gutmann
staticsafe