I’ve had an item on DaedTech’s Trello board for a good, long time now. Switch over to using SSL. And, fear not those of you who enjoy this blog! You can now browse confidently, without worrying that some impostor is feeding you misinformation about expert beginners, journeyman idealists, and other random neologisms that come out of my twisted mind. Take that, internet evildoers. I can almost sense everyone’s relief from here.
What Does This Actually Mean?
I started to call this header, “How SSL works,” but I got bored before I even finished typing that sentence fragment. You can read a primer about it, if you’re so inclined.
The 10,000 foot explanation is that it’s a mechanism for making your browsing a private conversation between you and DaedTech. For instance, say that you were sitting in an airport a week ago, and you browsed to my blog. Your HTTP request and DaedTech’s response would happen in plain text. Anyone else in the airport sufficiently motivated to do so could eavesdrop on the back end forth and even execute a man in the middle attack. As I said before, they could have deliberately fed you misinformation about expert beginners.
Or, perhaps more importantly, they could eavesdrop on your credentials if you had an account on my blog. That’s really the idea of SSL — it aims to make communication private and not subject to these sorts of interposition and alteration schemes. By installing SSL on my site, I have now prevented that from happening. When you browse DaedTech, you now do so over HTTPS, all communication encrypted and my SSL certification verified. This latter concern means an outside agency says, “you can believe that this is DaedTech and not an impostor.”
Contrary to the green locks and the “secure” wording in the URL bars, however, this does necessarily mean “you’re all good.” Scott Hanselman summed this up well in a tweet.
HTTPS & SSL doesn’t mean “trust this.” It means “this is private.” You may be having a private conversation with Satan.
— Scott Hanselman (@shanselman) April 4, 2012