- From: Eliot Lear <lear@cisco.com>
- Date: Fri, 15 Aug 2014 21:41:23 +0200
- To: Roland Zink <roland@zinks.de>
- CC: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Received on Friday, 15 August 2014 19:41:55 UTC
On 8/15/14, 7:25 PM, Roland Zink wrote: > Don't think that a valid cert really helps here although it may give a > hint about who is responsible. We don't have causality, but we do have data. And so one man's conjecture is as good as the next's. Here's mine: the majority of illicit servers are actually running on hacked systems and the data is being served off a simple HTTP server, where no warning is produced. It costs money to get a cert for that system, which doesn't actually buy the miscreant anything. Eliot
Received on Friday, 15 August 2014 19:41:55 UTC