Re: The Reg?
quote: "Despite years of stories about illegal mass surveillance, and insightful articles covering the merits and pitfalls of SSL... remains insecure, with no encryption at all?"
My company is in the process of implementing a transparent MITM box to "virus scan" incoming SSL traffic alongside the unencrypted stuff along the company internet connection, so in my case it would make approximately fuck all difference in my exposure to possible surveillance; switching to HTTPS would just mean it's on the logs of another appliance. I am sure many multinationals already do this on their own networks, so I think the "security" of SSL should already be considered suspect for any corporate connection regardless of key length, and TBH I'd also consider it suspect on a home connection, as the certificate registries (i.e. the ones your OS / browser trusts by default) are already physically on the turf of one government or another. I don't actually trust any of them to not be already compromised in the name of national security (i.e. a government MITM box at the ISP, using certs signed by a certificate registry that your browser implicitly trusts).
In my opinion, the Reg in clear text is as secure as it is ever going to get, regardless of the SSL technologies that could be implemented, and the same goes for every internet site ever pretty much. :)