I don't care so much for SSL certificates as a protective measure, to be honest. Maybe I should invest more time to understand them, but my current impression is:
- there are now ways for anyone to get SSL certificates for free. So it would be easy to get a certificate for myopenid, where the "i" is not an "i" but some exotic letter that looks the same (or something like that).
- SSL certificates often don't work correctly (set up in the wrong way), so clicking away the warning is becoming a no-brainer. Maybe there isn't even a way to set them up to work correctly across a web site with subdomains, I am not sure. I mean, not even the Chaos Computer Club got them working on their own web site...
Of course SSL certificates are still necessary, but they don't seem to be sufficient to me. I suppose even if I type in a URL directly I can be fooled (DNS servers hacked or whatever), but still.