Mike O'Connor
badge icon Admin · 27 July 2018 ·
all links are HTTP not HTTPS. not one link matches the sender's domain. highly suspicious. shitcanned it as spam. y'know, an org that's all about domain names could probably set a better example... No photo description available.
19James Sterbenz and 18 others 9 comments
Maxim Alzoba it might be a reason for low response rate 🙂 3
Hillary Jett For what it’s worth, I went ahead and escalated this back up to ICANN to look into. I can’t guarantee any changes, but as a former Comms employee I think it should be addressed quickly. 1
Richard Sexton >all links are HTTP not HTTPS.
GOOD.
HTTP! Everywhere.
Remember, you can only be tracked with HTTPS, that way they can say in court it's you. HTTP, not so much. HTTPS isn't for YOUR security, it's for THEIRS.
Phillip Remaker Um, no? HTTPS only authenticates the server, not the client. Unless you have set your client to present an irrefutable certificate, nothing can be proven. https://blog.cloudflare.com/introducing-tls-client-auth/ Introducing TLS with Client Authentication
BLOG.CLOUDFLARE.COM
1
Richard Sexton >Unless you have set your client to present an irrefutable certificate, nothing can be proven Thank you for agreeing with me.
Phillip Remaker Richard Sexton I don’t think I did. No browsers have certificates installed unless you take great pains.
Simon Higgs News at 11: Half of reciprocal server key pair becomes client certificate.
Richard Sexton I'm no expert on this stuff but I've worked rough with it to remember you have to generate your big ass number that gets mixed into the other big ass number that makes all this work.
Have you worked with this much Phillip? Do you remember generation root certs and how hat's done? pem this and pem that.
Fundamentally, DJB's stuff means nobody can peek at the packets but you may not know who it's from. https means it may not be secure but you know where it's from.
Jay Sudowski You might want to blur your email