On Wed, Jan 19, 2011 at 12:57:48PM +0000, Camaleón wrote: > On Wed, 19 Jan 2011 03:29:15 -0800, S Mathias wrote: > > 3) Can someone trust this Add-on? Is it safe to install/use? > > I don't like/trust anoymous (even encrypted) proxy sites.
HTTPS Everywhere is not a proxy site, encrypted, anonymous, or otherwise. It causes your browser to request that the sites you visit use HTTPS rather than cleartext HTTP when communicating (directly) with you. Nothing more, nothing less. > > 4) If it's so great why isn't it more prevalent? > > - SSL traffic is heavy and slow ... > My opinion is that I don't want to encrypt all the traffic, at least not > with the slow DSL connections/hosts we have now (loading a single page > will take seconds). I don't know where you get this idea. SSL traffic is no different on the wire than any other data traffic. There is a cost in processing overhead for running the encryption algorithms on the client and on the server, but it does not incur any additional bandwidth requirements and, with modern hardware, the additional processing cost is negligible. > - There no need (normally) for encrypting public navigation (see the note > below) ... > I prefer to leave the SSL/TLS for sensitive data (logins, etc...). When dealing with sites which use session cookies, "public navigation" *is* "sensitive data", as every request sent will include the cookie(s) which identify you and an attacker who gains access to that data would be able to use those cookies to impersonate you for the lifetime of that session, as demonstrated by the recent uproar over FireSheep. -- Dave Sherohman -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110119131758.gf3...@sherohman.org
