undefined | Better HN

0 pointshedora5y ago0 comments

It’s extremely insecure if you’re worried about things beyond passive mass surveillance.

If someone can intercept traffic to your server IP, they can get a Let’s Encrypt certificate. If they can’t reliably man in the middle that IP, then HTTP is reasonably secure already.

Such “certificates without certification” This is one reason browsers have added new UI elements for certified domains.

0 comments

niij5y ago

MITM'ing the connection between LE and a server is generally much more difficult and targeted than between any client and the server. Two different scenarios there.

donmcronald5y ago

> This is one reason browsers have added new UI elements for certified domains.

Can you elaborate?

j / k navigate · click thread line to collapse