Google is pushing HTTPS aggressively. The problem is that it costs a lot of money to subscribe for a certificate, This means Google must be on the payroll.
Prices were have seen are in the range of $150 or more annually. This site does not earn nearly that much. So this only favors large business.
Worse is that alleged certificate vendors, they have been broken into and their databases have been copied. Lenovo has also been caught installing root certificates which lead to all kinds of abuses. DIGINOTAR was broken into.
In 2010, Google reported they had been broken into. They never did come clean over what was lost. This coincides when we stopped using their Adsense. Cisco was also loaded with spyware this year.
In 2011, RSA executive chairman Art Coviello disclosed that RSA’s network had been compromised by attackers who took information related to its SecurID tokens, a break-in later linked to a cyberattack at Lockheed Martin. RSA decided to replace 40 million SecurID tokens because of the breach of its network, attributed to a “nation-state” which many believed was China.
Facebook was mugged for source code in 2011. Yahoo managed to loose the key for their servers and 500 million accounts were pwned. ,Comodo, DigiNotar and GlobalSign were all pwned when they were penetrated.,
In 2012 Symantec security software source code was stolen which rendered it completely vulnerable to circumvention..Adobe was also broken into and lost source code galore.
In 2013, security firm Bit9 was broken into and all their code signing software and certificates were stolen. Evernote lost 50 million accounts. Yahoo in Japan lost 1.23 million accounts while Goo lost more
Today, we received notification that Yahoo had once again been hacked and user accounts compromised. Only 1 billion accounts were affected. Verizon owns Yahoo and they reported the breach.
Now comes Googl who is flogging HTTPS with their Chrome browser. Once again, we DO NOT TRUST certificate vendors.
TLS is nothing but using RSA public key systems. The so-called certificate is simply a copy of the site’s public key. The intermediary is simply a vulture parasite.
RSA has 2 keys, one public and one private. Messages can be signed by the private key, and the public key can show proof of origin.
This video is so full of nonsense about HTTPS it clear there is only one intent., To sell certificates.
We have much expertise with security. See about us.