undefined | Better HN

0 pointsdm33tri6y ago0 comments

You can't assume protection, whereas with http you assume no protection.

So, if you can't trust certificate (not when it is invalid), just show same level of protection as http.

0 comments

The problem is that a http: protocol specifier implies no protection; the moment you follow the link, you know that the connection is not secured. Whereas a self-signed https: connection could be due to someone MITM'ing a site that generally uses CA's, in which case "no warning message" implies that the site is secured. The browser message has to make it clear to the user that something possibly unexpected is going on.

j / k navigate · click thread line to collapse

0 pointsdm33tri6y ago0 comments

You can't assume protection, whereas with http you assume no protection.

So, if you can't trust certificate (not when it is invalid), just show same level of protection as http.

0 comments

zozbot2346y ago

j / k navigate · click thread line to collapse