undefined | Better HN

0 pointsdanieltillett10y ago0 comments

I would have thought this covered https.

0 comments

I'm pretty sure "limited to authentication" means that the data is transmitted in the clear but covered by a signature. HTTPS actually encrypts, so it wouldn't count.

rbritton10y ago

Could you not also argue that ongoing use of HTTPS after authenticating yourself with the server is to ensure the response is coming from who you intend (i.e., the server authenticating itself to you)?

geofft10y ago

IANAL, but if you assume law matches cryptographic reality: there's such a thing as the NULL cipher, which most SSL stacks don't support (at least by default) because it's a big footgun. It will let you have traffic that's authenticated but not encrypted.

pupeno10y ago

What would you rather do, argue with the US government or get an ERN and focus on your business? I know my answer ;)

j / k navigate · click thread line to collapse