Thank you! So in that case though, if all browsers are forcing to the https, is the only real value for incoming emails or such?
Quote from: Superduke on October 05, 2020, 07:40:14 pmThank you! So in that case though, if all browsers are forcing to the https, is the only real value for incoming emails or such? No.Few months (or years, can't remember), major browser providers or security companies decided that HTTP(s) connection should be primary connection for web browsing (which it has been quite a while now).You still can make HTTP connections, you just have to manually type http:// at the start of the address (right click eicar link and choose copy link address and paste it on your browsers address field), or add :80 to the end off the TLD (top level domain, which are .com, .net .uk and so on)
You can open the connection with an own intermediate certificate. Then the full traffic is readable again and can be filtered.For the emails: There are S/MIME and GPG for E2E encryption. So the email is never readable by anyone else.And for the increase of the encrypted traffic the cause is a massive violation of human rights as well as a protection against man in the middle attacks.
You are wrong - in case of S/MIME or GPG the mail itself is encrypted so webmail will usually not even work. With both, the mail itself contains a blob of encrypted data, which is decrypted by an email client (thunderbird for example).Your email will look like that: https://de.wikipedia.org/wiki/S/MIME#application/pkcs7-mimeWebmail usually does not have the keys required to decrypt the mails and also it is often not implemented.Good web app for hash reverse lookups btw.: https://crackstation.net/
Webmail usually does not have the keys required to decrypt the mails and also it is often not implemented.
Thanks all.....I think the topic deviated a bit to the email stream (I myself use Protonmail, through Thunderbird, the bridge works quite well!).That said, I'm still a bit confused on the AV use on http(s) based stuff...since if Clam doesn't scan http(s) sites or files based on them, and most modern browsers force https then what value does Clam really provide....any thoughts?