Web lists-archives.com

Re: SSL not required for setup.exe download




On 3/12/19, Achim Gratz wrote:
> Lee writes:
>> I don't think it's a false sense of security.  https:// isn't "safe"
>> but it is _safer_ than http://
>
> Unless you are in an environment where an extra root cert is injected
> just to be able to break up the encrypted connection.  Which is a lot
> more common than people think and is not quite as easy to check for as
> some folks make it out.

Right - checking the web-site cert on every site gets old fast.  Which
is why I liked the firefox cert patrol addon reminding me $WORK had
their "data loss protection" screening in action.

But even with the security office being able to snoop or modify every
one of my https:// connections, it's just the security office people,
so it still seems safer using tls than clear-text connections.

Regards,
Lee

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple