undefined | Better HN

0 pointsthrower1236y ago0 comments

I don't really understand why we have decided that static html pages need to have a TLS certificate

0 comments

Well for one thing it prevents ISPs from injecting ads (or worse) into sites.

But then how is Comcast supposed to tell me I'm about to go over my monthly data cap?

Imagine a static website that provides crucial information, for instance, some regulation you have to follow. Your enemy MITM attacks that website and sends you a different page, which gets you in trouble.

The certificate guarantees that the information you are getting is from the entity who actually has access to the server serving the website.

woodrowbarlow6y ago

even if you have something like a "donate" link that's goes to a third party payment processor. a MITM could redirect that link the their own paypal collections page.

j / k navigate · click thread line to collapse