You could have a URL format that includes the signature of the key. Big sites wo... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

7952 on Aug 6, 2014 | parent | context | favorite | on: Hypertext Transfer Protocol Version 2

You could have a URL format that includes the signature of the key. Big sites would transparently add the signature and the browser would give a warning if the signature is different. You could add the same signature information to cookies and warn the user if it changes.

xorcist on Aug 6, 2014 [–]

There is a big tradeoff here: The ability to enter URLs manually.

This is what we tell users to do today for important sites, and not click in links in mail or elsewhere. It is not obvious that there is a net benefit in security.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact