
Not Secure - bullen
So now all HTTP input is &quot;Not Secure&quot; in Chrome. :o
======
zeveb
I suppose that's technically true (as Hermes would say, that's the best kind
of true!), since anything one sends can be trivially intercepted, rewritten
&c.

If we're going to default to HTTPS everywhere, though, we really should just
issue certificates along with IP addresses & DNS names, rather than layering
CAs on top for everything.

~~~
ocdtrekkie
Indeed, the CA model seems broken by default in a nearly unfixable way, and
it's primary goal seems to be to provide a web of trust which is trivial to
break. HTTPS should be about encrypting point A to point B, and implementing
scare warnings unless that encrypted tunnel goes back to a CA is not helping
HTTPS adoption. It's not hard for malicious actors to get an HTTPS cert for
their malware domains from a valid CA, so what's the point of that at this
juncture?

