Saturday, August 20, 2005

How SSL/TLS is broken, socially:
"SSL/TLS works pretty well on the technical side, but on the social side, it’s broken, because so many sites (especially small ones) don’t use it, requiring users to send passwords and other private information in the clear. The problem is trying to do two things at once with a single standard:

authentication of the server’s (and sometimes the client’s) identity; and
encryption of communications."

(Via Quoderat.)