

SSL: It’s a Matter of Life and Death - bensummers
http://www.belshe.com/2011/05/28/ssl-its-a-matter-of-life-and-death/

======
biot
With all the trusted root CAs pre-installed into most browsers, a governmnent
that wanted to could easily take over their local CA, have a cert issued to
them for Facebook, Twitter, etc. and man-in-the-middle all your SSL-secured
connections as much as they want.

------
JoachimSchipper
This is over-the-top and forgets more than a few things (e.g. almost every
desktop e-mail client can be easily persuaded to send e-mail in the clear);
nonetheless, the basic point is sound.

A more comprehensive solution - something along the lines of
<http://news.ycombinator.com/item?id=2047794> \- would be needed, unless we
are willing to reduce the internet to HTTP (well, SPDY, but that's basically
the same thing).

