Hacker News new | comments | ask | show | jobs | submit login

Ignorant question: If they are making getting a certificate easy for everyone, what is to stop "bad guys" from getting certificates for their sketchy sites? I usually look to the green "https" in my uri bar for reassurance when I'm on an unusual site.



Nothing will. Checking for https for validation whether author of a website has malicious intents is wrong, SSL is not intended for that purpose. That's the purpose of an EV cert, because it requires a company to prove its identity, so the very least you can do is to look for green bar / company name in the address bar.


So then why is it important? What is the argument for encrypting all web traffic? Does it act as a sort of camouflage for the actually important encrypted traffic?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: