Twitter | Search | |
Scott Hanselman
HTTPS & SSL doesn't mean "trust this." It means "this is private." You may be having a private conversation with Satan.
Reply Retweet Like More
Favstar.fm 1000★'s 2 Aug 12
Replying to @shanselman
Congrats on your 100★ tweet!
Reply Retweet Like
Scott Hanselman 2 Aug 12
Replying to @YazinAlhamdi
thank you! :)
Reply Retweet Like
I99n C99l9ers 2 Aug 12
Replying to @shanselman @mikko
Actually, it only means "someone who can read email sent to webmaster@satan.com" Only Jesus knows whether it's really him
Reply Retweet Like
Tim Haines  🇳🇿 2 Aug 12
Replying to @shanselman
currently your fifth most retweeted tweet?
Reply Retweet Like
Martin Stemplinger 2 Aug 12
Replying to @shanselman
< SSL should mean "private", after all the CA fails I'm not so sure it really does
Reply Retweet Like
Dave Piscitello 5 Aug 12
Replying to @shanselman @duncanhart
MITB attacks make it even less than that. No privacy assurance: you cannot trust endpoint. SSL means "not plaintext"
Reply Retweet Like
Andrew 17 Feb 14
Replying to @shanselman
thank god you say that! i've had numerous discussions like this with several people across the industry--somehow it escapes them
Reply Retweet Like
Philip Hofstetter 17 Feb 14
Replying to @shanselman @ikr
but at least you will know that you are talking to him as opposed to an imposter
Reply Retweet Like
Pablo 13 Jan 16
but at least you know it's Satan and not an impersonator.
Reply Retweet Like
mfollett 13 Jan 16
Replying to @shanselman @wnodom
It actually doesn’t even mean it is private. It means one of any number of 3rd parties claims it is private.
Reply Retweet Like
Jason R. Palmer 13 Jan 16
Replying to @shanselman
the nsa take the steps required .....
Reply Retweet Like
Max Burke 13 Jan 16
Replying to @shanselman
Trust chain complicates this. Would be nice to have "private" HTTP that secures connection but w/o cert pain.
Reply Retweet Like
Max Burke 13 Jan 16
Replying to @shanselman
Would be really useful especially for corporate intranet/private sites.
Reply Retweet Like
Micah Hainline 13 Jan 16
I usually am. I try to keep ALL my conversations with Satan private.
Reply Retweet Like
Kim Bjørn Tiedemann 13 Jan 16
does Satan use extended validation?
Reply Retweet Like
Dominick Baier 14 Jan 16
well - with SSL even that is questionable. TLS would be better.
Reply Retweet Like
Pedro Félix 14 Jan 16
That statement forgets HTTPS server authn, i.e., the verification between URL host and server name
Reply Retweet Like
Simon Timms Mar 29
Replying to @shanselman
Arguably EV certificates are supposed to provide some limited non-Satan assurances
Reply Retweet Like