Quote:
Originally Posted by Freedom6995
|
Tell that to people that operate over 1000 domain networks.
Quote:
|
[i]ncluding account hijacking and identity theft; surveillance and tracking by governments, companies, and both in concert; injection of malicious scripts into pages; and censorship that targets specific keywords or specific pages on sites....
|
That's mostly a crock of shit ... HTTPS (TLS) just encrypts data -- it doesn't change or filter data -- just encrypts the data from the browser to the server and back to the browser from the server. If an embedded iframe with an exploit is on a HTTPS server it will not raise an HTTPS exception -- both servers are HTTPS and a registered HTTPS Cert exists within a browser recognized issuing repository.
So, the "villains" fake register their domains and get their certs (for free!!!) YEAH! we are safe - LMFAO.
Will these free certs be *.wildcard certs or domain specific? All sub domains (including mail, ftp, www) are considered separate domains for HTTPS certs, unless the are wildcarded and each certificate has to be installed on the server. The certs need to be re-installed on upgraded (not updated) server os installs.
Also, the NSA has reportedly broken HTTPS encryption
NSA-Documents: Attacks on VPN, SSL, TLS, SSH, Tor - SPIEGEL ONLINE
This whole HTTPS thing is a Google scam and maybe a NSA trap ...