Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I'm refering to the portion of the comment I was responding to: "These "financial secrets" are emailed in the clear after every transaction"

The implication being that since they were sending the information in the clear in a separate part of their system, that they were wrong in configuring their https site as they did. I object to that conclusion.



Ah. Patchy works there. I'm sorry about that. Having a hairtrigger day.


No worries!


No, that indicates that these were not actually financian secrets, hence the quotes.


I'm going to go ahead and give the developers of the particular site the benefit of the doubt and not you, if you don't mind.

Furthermore, one particular site using https in a particular mode when they don't need to use https at all is still not a logical argument against other sites using https with those ciphers.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: