I've recently had the privilege of doing some traveling internationally, and I noticed that (particularly in Asia) HTTPS is very infrequently used, even on government and educational websites where users login and provide sensitive information. I did some reading on Wikipedia about the export of encryption technologies from the USA being a potential issue, but I was under the impression that utilities like OpenSSL were pretty much free for use everywhere, and that CA's were able to issue certificates to any countries that weren't considered to be "unstable" or "at odds" with either the UN or USA (not sure of specifics on this one). Knowing how easy it is for an attacker to sniff HTTP traffic on WiFi networks, I was shocked that these institutions weren't protecting their users by implementing HTTPS. And without identity confirmation, there's not even a guarantee that the users are in the right place, whether on WiFi or not.
So, for anyone with any experience in international web security themes, does anyone know why HTTPS isn't being used? Is there something else their users are doing to protect themselves that I'm just totally in the dark about?
Aucun commentaire:
Enregistrer un commentaire