[cryptography] Let's go back to the beginning on this

Seth David Schoen schoen at eff.org
Tue Sep 13 14:31:59 EDT 2011


Andy Steingruebl writes:

> They used to be quite common, but other than 1 or 2 sites I visit
> regularly that I know ave self-signed certs, I *never* run into cert
> warnings anymore. BTW, I'm excluding "mixed content" warnings from
> this for the moment because they are a different but related issue.

I see it about once per week, but not in the course of my own browsing --
in the course of following up on HTTPS Everywhere bug reports where sites
used to have a valid cert (perhaps on an HTTPS site that they didn't
actively promote) and then stopped.  An example from yesterday was

https://www.senate.gov/

which had a valid cert a while ago and then recently stopped.  (Their
HTTPS support was reported to us as working on June 29; according to
Perspectives, the most recent change apparently happened on September 9.)

HTTPS Everywhere makes users encounter this situation more than they
otherwise might.

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
454 Shotwell Street, San Francisco, CA  94110   +1 415 436 9333 x107



More information about the cryptography mailing list