
 SSL is not about encryption - wglb
http://www.troyhunt.com/2011/01/ssl-is-not-about-encryption.html
======
Xcelerate
Something needs to change drastically, or I can see these problems getting
worse over time. Those little "secure" images in the address bar mean nothing
to 95% of the population. A lot of people don't even know the difference
between a Google search bar and the address bar. Pop-ups appear that are fake
OS message boxes warning about viruses and people fall for these left and
right.

The only way to solve these problems is to educate people. Perhaps a little
tutorial pops up after you've downloaded your web browser -- "If you want to
keep your information from getting stolen, follow this little instructional
guide on how to safely browse the web. It will only take 5 minutes of your
time". I think a lot of people would do it.

------
zobzu
SSL is about encryption. Don't tell bullshit to people just to make a point.
Because they believe it at the first degree.

In fact, SSL (and others) are about:

- confidentiality (encryption!!)
- integrity
- authenticity (trust!!)

and in a lesser but important nonetheless fashion:

- availability
- non-repudiation

------
S_A_P
He is both right and wrong IMO. SSL is about encrypted communication to and
from the server, but the certificate also means that you are sending your data
to a trusted authority, and the people are who they say they are. I think the
real issue is that the switch from http -> https can be a security hole and
the safest bet is to use SSL before you ever start entering credentials.

~~~
BaseBand
It's always good practice to type in the https. It's not too difficult to stop
the redirect from http => https.

~~~
zaptheimpaler
If the server redirects from HTTP to HTTPS, how is it possible to stop it?

~~~
BaseBand
MITM attack. If you're on the same network and the router isn't configured to
block ARPing, you can proxy the traffic that filters out the redirect. Your
proxy keeps the https connection open and passes back unsecured content.
Public wifi can be a bad idea sometimes...

------
drivebyacct2
What a weird semantic game. It is about encryption. Without it you wouldn't be
able to "[establish] a degree of trust in a site’s legitimacy that’s
sufficient for you to confidently transmit and receive data with the knowledge
that it’s reaching its intended destination without being intercepted or
manipulated in the process"

~~~
zaptheimpaler
I've learned to completely ignore the title of any article I see on HN. A
disproportionate number of them simply use titles as a way to grab attention.
This article is typical of the pattern - the title is used only as part of a
few sentences at the start of the text, then it's completely ignored and the
real article begins.

I've noticed that ignoring the title often helps me to really evaluate what an
article is saying independent of the bias (and frustration) that a bad title
creates.

