(no title)
ds9|11 years ago
I meant that sending logon + password is somewhat pointless if it's plaintext over the internet, while if you have some encryption going on, someone intercepting the data in transit would have a harder time using it to trick the client or the server. In that sense authentication is more meaningful with a certificate -- even though using a CA still allows interception by a government actor. It narrows the range of those who can "break" the attempted security.
dvanduzer|11 years ago
None of my arguments about X.509 / CAs are about government actors in particular, though. There are enough root CAs trusted by the major browser vendors that breaches can happen (and have happened) with minimal resource expenditure.