Comment by jamer

11 years ago

Authentication and encryption are fundamentally separate ideas, and the problem here is that the CA system mixes them together, when an optimal solution (read: encryption everywhere) would be to tackle them separately.

    Encrypted (Certified)    AUTHENTICATED & ENCRYPTED
    Encrypted (Self-Signed)  NOT AUTHENTICATED & ENCRYPTED
    Unencrypted              NOT AUTHENTICATED & NOT ENCRYPTED

Doing financial work or communicating with friends/coworkers? Make sure your connection is authenticated and encrypted.

Connecting to a blog? Encryption is a plus (and is the topic of this very HN post). But unencrypted is also okay.

The original CA system was not designed to defend against mass surveillance so it had little incentive to separate these concerns.