Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User mikebear
(regular) Wed 19-Nov-14 19:49:52
Print Post

Should more sites move to encryption?


[link to this post]
 
I've just read this item in today's Sophos newsletter :-

https://nakedsecurity.sophos.com/2014/11/18/naked-se...

What do members think.?
Standard User Pipexer
(eat-sleep-adslguide) Wed 19-Nov-14 20:19:43
Print Post

Re: Should more sites move to encryption?


[re: mikebear] [link to this post]
 
No need to move to HTTPS if the content is not a privacy problem.... What would the point of encrypting this site be for example? Just wastes CPU resources. Anything that discusses a topic that may be considered private etc, by all means go for it.

If it is trivial website content and isn't a security or privacy problem... give people the option.

Oh yeah, and what about the cost and effort of obtaining SSL certificates?

AAISP Home::1
Standard User BatBoy
(legend) Wed 19-Nov-14 21:13:09
Print Post

Re: Should more sites move to encryption?


[re: mikebear] [link to this post]
 
Yes, people just aren't aware of what information they are giving away about themselves. It's the least a site can do to try and stop this growing surveillance nightmare


____________________________________________________________________________All_Quiet_on_the_Western_Front__________________


Register (or login) on our website and you will not see this ad.

Standard User Ignitionnet
(knowledge is power) Wed 19-Nov-14 21:59:04
Print Post

Re: Should more sites move to encryption?


[re: mikebear] [link to this post]
 
Encryption should be the norm, not the exception, so this is good.

You don't use postcards for everything with envelopes as the exception, same bag.
Standard User GeeTee
(committed) Wed 19-Nov-14 23:44:41
Print Post

Re: Should more sites move to encryption?


[re: Pipexer] [link to this post]
 
In reply to a post by Pipexer:
What would the point of encrypting this site be for example?

To prevent username + password being snarfed out of the aether when e.g. using a public wi-fi connection.

In reply to a post by Pipexer:
Oh yeah, and what about the cost and effort of obtaining SSL certificates?

StartSSL Class 1 certificates are free https://www.startssl.com/?app=1

The EFF (and various significant partners) are launching the "Let's Encrypt" CA around the middle of next year which will provide free basic certs as well: https://www.eff.org/deeplinks/2014/11/certificate-au...

This move will force all the major CAs to dish out Class 1 certs for free in the long run I think.
Standard User Kronos2001
(fountain of knowledge) Thu 20-Nov-14 02:36:27
Print Post

Re: Should more sites move to encryption?


[re: mikebear] [link to this post]
 
HTTPS will not prevent a snooper knowing which web site you're looking at. Not only can you see which server the connection is going to, but the SSL certificate contains a name for the site in plain text. All it will do is hide which page you're looking at.
Standard User chrispduck
(newbie) Thu 20-Nov-14 08:46:30
Print Post

Re: Should more sites move to encryption?


[re: Kronos2001] [link to this post]
 
Yes, it will be noted you contact the google, Barclays Bank, or Dr Practice, but the metadata will be hidden, so no one will know that you are interested in s&m, or checking bank loan rates, or curious about cancer prognosis and treatment.

Yes it probably can be compromised by 'the man' but still takes time and money to do.

there are at least 2 free VPN out there, if you want total data obfuscation.

Also it makes the 5? year data retention by ISPs fairly useless
Standard User kev_445
(regular) Thu 20-Nov-14 08:59:36
Print Post

Re: Should more sites move to encryption?


[re: mikebear] [link to this post]
 
In reply to a post by mikebear:
I've just read this item in today's Sophos newsletter :-

https://nakedsecurity.sophos.com/2014/11/18/naked-se...

What do members think.?


Google at some point are going to start ranking domains higher if they use HTTPs.
Link: http://googlewebmastercentral.blogspot.co.uk/2014/08...

The problem I foresee, is that each secure certificate will require its own dedicated IP address. For a long time now, shared hosting providers have been “sharing” 1 IPv4 address with many web-sites, in order to conserve usage.

If everyone now wants to go HTTPs, some hosting providers are going to have issues.
Standard User GeeTee
(committed) Thu 20-Nov-14 11:32:29
Print Post

Re: Should more sites move to encryption?


[re: kev_445] [link to this post]
 
SNI (Server Name Indication) takes care of that.
https://en.wikipedia.org/wiki/Server_Name_Indication

Although personally I'd prefer to see a hurry up on IPv6 adoption.
  Print Thread

Jump to