Twitter | Search | |
Scott Hanselman
HTTPS & SSL doesn't mean "trust this." It means "this is private." You may be having a private conversation with Satan.
Reply Retweet Like More
Favstar.fm 1000★'s 2 Aug 12
Congrats on your 100★ tweet!
Reply Retweet Like
Scott Hanselman 2 Aug 12
thank you! :)
Reply Retweet Like
Big 2 Aug 12
Actually, it only means "someone who can read email sent to webmaster@satan.com" Only Jesus knows whether it's really him
Reply Retweet Like
Tim Haines 2 Aug 12
currently your fifth most retweeted tweet?
Reply Retweet Like
Martin Stemplinger 2 Aug 12
< SSL should mean "private", after all the CA fails I'm not so sure it really does
Reply Retweet Like
Dave Piscitello 5 Aug 12
MITB attacks make it even less than that. No privacy assurance: you cannot trust endpoint. SSL means "not plaintext"
Reply Retweet Like
Andrew 17 Feb 14
thank god you say that! i've had numerous discussions like this with several people across the industry--somehow it escapes them
Reply Retweet Like
Philip Hofstetter 17 Feb 14
but at least you will know that you are talking to him as opposed to an imposter
Reply Retweet Like
pablo Jan 13
but at least you know it's Satan and not an impersonator.
Reply Retweet Like
mfollett Jan 13
It actually doesn’t even mean it is private. It means one of any number of 3rd parties claims it is private.
Reply Retweet Like
Jason Palmer Jan 13
the nsa take the steps required .....
Reply Retweet Like
Max Burke Jan 13
Trust chain complicates this. Would be nice to have "private" HTTP that secures connection but w/o cert pain.
Reply Retweet Like
Max Burke Jan 13
Would be really useful especially for corporate intranet/private sites.
Reply Retweet Like
John V. Petersen Jan 13
Satan notwithstanding, there still may be trust. Might be a lawyer at the other end of the conversation... :-P
Reply Retweet Like
Micah Hainline Jan 13
I usually am. I try to keep ALL my conversations with Satan private.
Reply Retweet Like
Kim Bjørn Tiedemann Jan 13
does Satan use extended validation?
Reply Retweet Like
Dominick Baier Jan 14
well - with SSL even that is questionable. TLS would be better.
Reply Retweet Like
Pedro Félix Jan 14
That statement forgets HTTPS server authn, i.e., the verification between URL host and server name
Reply Retweet Like