Toerless Eckert wrote:
c) The PDF and your email is not really honest, because it says "http", but in reality every http URL is immediately redirected to https, aka: retiring ftp would further strengthen the policy USER MUST USE END TO END ENCRYPTION WHETHER THEY WANT TO OR NOT.
https, with intelligent intermediate entities of CAs, or PKIs in general, are not secure end to end vulnerable to MitM attacks on the CAs. Despite my warning here, which was privately denied by an security AD without reasoning, a CA of Diginotar was actually compromised to attack google successfully. So, never say a PKI, including https, is secure end to end. Masataka Ohta
