{"id":483,"date":"2011-04-20T14:54:32","date_gmt":"2011-04-20T21:54:32","guid":{"rendered":"http:\/\/upon2020.com\/?p=483"},"modified":"2011-04-20T14:54:32","modified_gmt":"2011-04-20T21:54:32","slug":"https-now-campaign-unfortunately-does-not-fix-the-problem","status":"publish","type":"post","link":"https:\/\/upon2020.com\/blog\/2011\/04\/https-now-campaign-unfortunately-does-not-fix-the-problem\/","title":{"rendered":"&#8220;HTTPS Now&#8221; Campaign Unfortunately Does Not Fix the Problem"},"content":{"rendered":"<p><a href=\"http:\/\/eff.org\/\">EFF<\/a> activist <a href=\"https:\/\/www.eff.org\/about\/staff\/eva-galperin\">Eva Galperin<\/a> in quoted in a ReadWriteWeb <a href=\"http:\/\/www.readwriteweb.com\/archives\/https_now_campaign_aims_to_secure_the_internet.php\">article<\/a> introducing their new campaign:<\/p>\n<blockquote><p>&#8220;HTTPS provides the minimum level of security for websites. Without  it, no site can make any meaningful security or privacy guarantees to  its users.&#8221;<\/p><\/blockquote>\n<p>Well, wouldn&#8217;t that be nice! Particularly if HTTPS actually were providing that security.<\/p>\n<p>For a counter-point, read the (highly detailed) technical <a href=\"https:\/\/blog.torproject.org\/blog\/detecting-certificate-authority-compromises-and-web-browser-collusion\">analysis<\/a> on the blog of the Tor project of the recently found fake HTTP certificates. I cannot independently assert the validity of the points being made in that post, but highly doubt that they are false. The essence:<\/p>\n<blockquote><p>&#8230; this is where  even a single attack really causes the entire CA trust model to fall  apart.<\/p><\/blockquote>\n<p>&#8220;HTTP Now&#8221; can clearly keep the low-level crooks out. However, it does nothing other than create a sense of false security that makes life easier for more professional crooks because &#8220;HTTP Now&#8221; supposedly had made us &#8220;secure&#8221;.<\/p>\n<p>Dear EFF, we need a step two: fix HTTPS!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>EFF activist Eva Galperin in quoted in a ReadWriteWeb article introducing their new campaign: &#8220;HTTPS provides the minimum level of security for websites. Without it, no site can make any meaningful security or privacy guarantees to its users.&#8221; Well, wouldn&#8217;t that be nice! Particularly if HTTPS actually were providing that security. For a counter-point, read&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"webmentions_disabled":false,"footnotes":""},"categories":[60,35],"tags":[],"class_list":["post-483","post","type-post","status-publish","format-standard","hentry","category-digital_identity","category-security","kind-"],"kind":false,"_links":{"self":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts\/483","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/comments?post=483"}],"version-history":[{"count":3,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts\/483\/revisions"}],"predecessor-version":[{"id":486,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts\/483\/revisions\/486"}],"wp:attachment":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/media?parent=483"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/categories?post=483"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/tags?post=483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}