Author: Gregory Maxwell 2013-12-08 16:51:50
Published on: 2013-12-08T16:51:50+00:00
In an email exchange on December 8, 2013, Drak emphasized the importance of using an SSL certificate to prevent attackers from changing the contents of a page via MITM. However, it was pointed out that having control of the site gives one a certificate regardless, as several CAs will issue a certificate to anyone who can make an HTTP page appear at a specific URL at the domain when requested via the CA over HTTP. While this may not provide complete security, it is seen as expected and poses no harm. The revocation argument is also brought up in the exchange, with the suggestion that any site should use HSTS or otherwise a downgrade attack would be trivial. Overall, the discussion highlights the importance of using SSL certificates for online security, but also acknowledges the limitations and potential vulnerabilities of such measures.
Updated on: 2023-05-19T17:53:00.920637+00:00