coates’s Twitter Archive—№ 24,033

  1. Happy to see DNS and "Equally Risky" won here. That's correct: if you control DNS, you can control HTTPS (in 2022). I love the convenience of automated certificate grants, but pretending HTTPS is fully authenticated when it's based on fully-unauthenticated DNS is naïve at best. coates/1521672604062466048
    1. …in reply to @coates
      …and that’s still not as bad as “compromised email is the key to everything” for values of “everything” that allow forgotten password resets via email.