Friday, 3 March 2017

Fix TLS. Let’s get rid of certificates.

Fix TLS. Let’s get rid of certificates.:

By: Jaap-Henk Hoepman

From the article:

TLS secures the connection between your browser and the websites you visit (and a lot of other Internet connections that do not involve either a browser or a web server). TLS should provide confidentiality (so nobody can steal your passwords or see which webpages you are visiting), integrity (so nobody can modify the transactions you send to your bank) and authenticity. When properly used, TLS provides the first two guarantees, but it is increasingly becoming apparent that it fails to provide the latter: authenticity. The use of certificates (and the poor understanding of what authenticity on the web really means) is to blame.

Read more: full text

See also: update with clarification and improvements

No comments:

Post a Comment