http
Mike O'Connor
Admin
· 27 July 2018 ·
all links are HTTP not HTTPS. not one link matches the sender's domain. highly suspicious. shitcanned it as spam. y'know, an org that's all about domain names could probably set a better example...
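The two signals named in the post above (cleartext `http://` links, and link hosts that do not match the sender's domain), as an added triage example that is not part of the original thread. The sample message and every domain in it are constructed placeholders, and `audit_links` and `same_domain` are hypothetical helper names.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every domain here is a placeholder.
SAMPLE = """\
From: Survey Team <survey@registry.example>
Subject: Please take our survey
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://click.tracker.example/s/1">Take the survey</a>
<a href="https://www.registry.example/privacy">Privacy policy</a>
<a href="http://registry.example.mailer.example/unsub">Unsubscribe</a>
</body></html>
"""

class _Links(HTMLParser):
    """Collects the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def same_domain(host, domain):
    # Exact host or a true subdomain; a look-alike prefix does not count.
    return host == domain or host.endswith("." + domain)

def audit_links(raw):
    """Return (sender_domain, [(href, [flags])]) for an HTML e-mail."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    part = next((p for p in msg.walk() if p.get_content_type() == "text/html"), None)
    parser = _Links()
    if part is not None:
        parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    findings = []
    for href in parser.hrefs:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        checks = (("cleartext", url.scheme == "http"),
                  ("off-domain", not same_domain(host, sender)))
        findings.append((href, [name for name, hit in checks if hit]))
    return sender, findings
```

Off-domain links are a signal rather than a verdict, since legitimate bulk mail is often routed through a third-party mailer's tracking hosts.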
Maxim Alzoba
it might be a reason for low response rate 🙂
Hillary Jett
For what it’s worth, I went ahead and escalated this back up to ICANN to look into. I can’t guarantee any changes, but as a former Comms employee I think it should be addressed quickly.
Richard Sexton
>all links are HTTP not HTTPS.
GOOD.
HTTP! Everywhere.
Remember, you can only be tracked with HTTPS, that way they can say in court it's you. HTTP, not so much.
HTTPS isn't for YOUR security, it's for THEIRS.
Phillip Remaker
Um, no? HTTPS only authenticates the server, not the client. Unless you have set your client to present an irrefutable certificate, nothing can be proven. https://blog.cloudflare.com/introducing-tls-client-auth/
Richard Sexton
>Unless you have set your client to present an irrefutable certificate, nothing can be proven
Thank you for agreeing with me.
Phillip Remaker
Richard Sexton I don’t think I did. No browsers have certificates installed unless you take great pains.
Simon Higgs
News at 11: Half of reciprocal server key pair becomes client certificate.
Richard Sexton
I'm no expert on this stuff but I've worked enough with it to remember you have to generate your big ass number that gets mixed into the other big ass number that makes all this work.
Have you worked with this much, Phillip? Do you remember generating root certs and how that's done? pem this and pem that.
Fundamentally, DJB's stuff means nobody can peek at the packets but you may not know who it's from. https means it may not be secure but you know where it's from.
Jay Sudowski
You might want to blur your email