You periodic reminder that HTTPS (excluding EV) is about protecting and trusting the connection, not the website.
3
61
40
Possible malicious actors without HTTPS: * the website * the ISP * the gov * the hot-spot * the neighbor With HTTPS: * the website
30
173
118
Replying to @FiloSottile
@FiloSottile @directhex Also MITM ISPs with control of your DNS and a root-signed MITM cert. Also the entire CA system

May 14, 2015 ยท 6:41 PM UTC

1
2