TLS *encryption* can't be compromised by oppressive goverments. Only the CA-base... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jbri on Aug 29, 2011 \| parent \| context \| favorite \| on: Javascript Cryptography Considered Harmful TLS encryption can't be compromised by oppressive goverments. Only the CA-based authentication can. Trying to "fix" this by rolling your own ad-hoc encryption (while ignoring the authentication issue entirely) is completely missing the point.

tptacek on Aug 29, 2011 [–]

Only the configuration of the CA-based authentication can. Nobody loves X509 PKIs, but so far, they seem to "work".

This matters because you can literally write a HOWTO that my mom could follow to get a browser configured so that China can't snoop on (many of) your HTTPS connections. No code required.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact