Reply to post: Good Enough

Vapourware no more: Let's Encrypt announces first cert dates

Stuart 22 Silver badge

Good Enough

This is good. I do use StartSSL which is really just for the Nerdy. They both offer AFAIK the same level of protection between the browser and the server which means, in practice, that all those Wordpress logins and stuff are encrypted. So people like me can no longer sniff them on shared networks.

So GCHQ/NSA and top-notch gangs may be able to break/steal certificates and MITA targets. But no casual stuff. The weakness of Class 1 certificates is they do not prove that the domain link is 'authentic'. Never Knowingly Undertold JohnLevis.com will give a green padlock and still run off with your money.

How we develop and make people aware of the sliding scale of security they expect from their blog to their bank is the trick. Creating expectations to match the class of the certificate from a simple encrypted connection to a properly authenticated and verified source. Judging from the amount of green stuff in the URL bar of Chrome is not enough.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022