Sign in / up

Reply to post: Re: I still wait for Let's Authenticate...

Web body mulls halving HTTPS cert lifetimes. That screaming in the distance is HTTPS cert sellers fearing orgs will bail for Let's Encrypt

Charles 9
Reply Icon

Re: I still wait for Let's Authenticate...

"In the sense that you know you are talking to the owner of that cert it will always be safer."

Not necessarily. What if the cert was stolen...or made using a stolen identity? Sure, the cert says it was issued to X, but how can you be sure X is X, just as how can you be sure Bob is really Bob and not Eve, Mallory, or Gene who took on Bob's identity?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon