Ran a site called http://crypto.com ... yet doesn't use HTTPS
#EncryptAllTheThings
I mean no disrespect - you're clearly a very intelligent guy. I just find it surprising this is the case particularly when... https://httpsiseasy.com/
-
-
-
I did not run https on that site for the same reason I published only a 512 bit PGP key. I have no way to assure the security of the endpoint and I do not want to falsely advertise security that isn't present.
-
But HTTPS with HSTS helps protect your visitors from man in the middle attacks. Why would you not want that? For the sake of a 0 cost cert surely that's a good thing?
-
In and of itself, it's not a bad thing. But that's not the only consideration. On balance, in this particular case, I'm much more concerned about attacks against the endpoint, and creating a false impression about security that does not exist here.
-
"I'm much more concerned about attacks against the endpoint" but that's exactly what HTTPS & HSTS helps prevent! Like I say you're clearly a very intelligent person, but your reasoning for no HTTPS is strange. Anyway, have yourself a great weekend sir!
-
Obviously you know much more about this stuff than I do, so I'm not sure why you're asking me about anything.
-
I'm not saying that. I just genuinely don't get your logic and hoped you could explain. You say you don't want to give false impressions of security yet also say you publish a PGP key. You then said you want to protect the endpoints, but using HTTP achieves the exact opposite
-
The http://crypto.com server was set up in a way that did not allow me to have any assurance I could protect any key material stored on it. That's not a configuration I recommend, but that's the space I was exploring with it.
-
-
The owner of a notrump domain is a friend of mine who named it that due to his love of bridge. As far as I know, he turned down absurdly lucrative offers to sell it off for political purposes.
-
This is no doubt an even stranger time for bridge players than it is for cryptographers.
-
-
Well done sir. Hope you made out like a bandit. But can we know if they paid you in fiat currency? If so, sounds like they don't believe in their own product and this whole cryptocurrency thing is sounding more like a sham ;)
-
I will happily dispose of old-fashioned, obsolete fiat currency for anyone who asks nicely.
-
If it's not on the blockchain, you *can* spend it...
-
-
-
I probably will. It was quite a deliberate choice not to on http://crypto.com.
-
I really wondered how Monaco got the domain name! $25M being touted as well. Nice work ;)
-
Congrats, Matt! You are one of the few people who will make money from the "crypto" bubble in a manner that allows you to sleep at night.
-
um... no
-
-
During a gold rush, it’s good to sell shovels.
-
My purchase of NVIDIA after some big lawsuit loss in 2009 paid me handsomely. I cashed most of my winnings out last fall, so missed out on some more nonsensical gains, but am ok with it