On Monday 09 Sep 2013 03:05:57 Michael Orlitzky wrote:
> On 09/08/2013 09:33 PM, Dale wrote:
> > Someone found this and sent it to me.
> >
> > http://news.yahoo.com/internet-experts-want-security-revamp-nsa-revelations-020838711--sector.html
> >
> > I'm not too concerned about the political aspect of this but do have to
> > wonder what this means when we use sites that are supposed to be secure
> > and use HTTPS. From reading that, it seems that even URLs with HTTPS
> > are not secure. Is it reasonable to expect that even connections
> > between say me and my bank are not really secure?
>
> The CA infrastructure was never secure. It exists to transfer money away
> from website owners and into the bank accounts of the CAs and browser
> makers. Security may be one of their goals, but it's certainly not the
> motivating one.
>
> To avoid a tirade here, I've already written about this:
>
> [1] http://michael.orlitzky.com/articles/in_defense_of_self-signed_certificates.php
>
> [2] http://michael.orlitzky.com/articles/why_im_against_ca-signed_certificates.php
>
> Warning: they're highly ranty, and mostly preach to the choir in that I
> don't give a ton of background.
>
> The tl;dr is, use a 4096-bit self-signed certificate combined with
> pinning. It's not perfect, but it's as good as it gets unless you plan
> to make a trip to each website's datacenter in person.
Are you saying that 2048 RSA keys are no good anymore? -- Regards, Mick
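The advice quoted in the thread, a 4096-bit self-signed certificate combined with pinning, as an added example that is not part of the original messages or of Michael's articles: a POSIX shell script using the openssl CLI that generates such a certificate, derives an SPKI pin for it (SHA-256 over the DER SubjectPublicKeyInfo, the form HTTP Public Key Pinning used), and checks a presented certificate against both the pin and a minimum RSA key size. The function names, the common name and the key-size floor are my own choices, not anything from the thread.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Requires the openssl CLI.
set -eu

# make_selfsigned <keyfile> <certfile> <bits> <common_name>
# Generates a fresh RSA key of the requested size and a self-signed
# certificate for it, with no passphrase on the key.
make_selfsigned() {
    key=$1; cert=$2; bits=$3; cn=$4
    openssl req -x509 -newkey "rsa:$bits" -nodes -sha256 -days 365 \
        -subj "/CN=$cn" -keyout "$key" -out "$cert" >/dev/null 2>&1
}

# spki_pin <certfile>
# base64(SHA-256(DER SubjectPublicKeyInfo)). Pinning the key rather than
# the whole certificate lets the certificate be reissued (new validity
# dates, new serial) without changing the pin, as long as the key stays.
spki_pin() {
    openssl x509 -in "$1" -pubkey -noout \
      | openssl pkey -pubin -outform DER \
      | openssl dgst -sha256 -binary \
      | openssl base64 -A
}

# key_bits <certfile>
# RSA modulus size of the certificate's public key, taken from the
# "Public-Key: (N bit)" line of openssl's text dump.
key_bits() {
    openssl x509 -in "$1" -noout -text \
      | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_pin <certfile> <expected_pin> <min_bits>
# Succeeds only when the presented certificate carries the pinned key
# and that key meets the size floor; fails (non-zero) otherwise.
check_pin() {
    cert=$1; expected=$2; min=$3
    actual=$(spki_pin "$cert")
    bits=$(key_bits "$cert")
    [ "$actual" = "$expected" ] || { echo "pin mismatch for $cert" >&2; return 1; }
    [ "$bits" -ge "$min" ]     || { echo "key too small in $cert: $bits bits" >&2; return 1; }
    return 0
}

# Usage (run with an argument of "demo" to generate a 4096-bit cert
# under a temporary directory and print its pin):
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    make_selfsigned "$dir/server.key" "$dir/server.crt" 4096 "example.test"
    echo "pin: $(spki_pin "$dir/server.crt")  bits: $(key_bits "$dir/server.crt")"
    check_pin "$dir/server.crt" "$(spki_pin "$dir/server.crt")" 4096 && echo "pin check ok"
fi
```

The pin you record from `spki_pin` is what a client keeps; a certificate signed with a different key, whoever signed it, fails `check_pin` even if it carries the same common name, which is the property the thread is after. The `min_bits` argument is a separate policy knob: set it to whatever floor you decide on.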