Comment by codedokode
3 years ago
The purpose of using HTTPS is to make connections more secure. Giving away SSL certificates to anyone does not serve this purpose.
3 years ago
The purpose of using HTTPS is to make connections more secure. Giving away SSL certificates to anyone does not serve this purpose.
It absolutely serves this purpose in a world in which there unfortunately is no TOFU/unauthenticated encryption for TLS (i.e. ours).
Thanks to widely available HTTPS certificates, "evil hackers stealing your cookies on public Wi-Fi" is not a thing anymore.
We should definitely have a discussion about whether it's made active attacks more feasible, but I think the goal of making passive sniffing less trivial than it was before can be considered achieved.