I'm not looking for downvotes here (though likely incomming anyways)
But, how "secure" is https, when even https has been as badly broken as ssh in recent times. I guess https is at least good enough to act as a placebo to tide the unwashed masses though. But, wouldn't it be better to update the spec, and then publish the Spec anywhere other the the N.S of A Land? Yeah this would also exclude the GCHQ-UK as well...
perhaps then I'd might have somewhat more real trust in https then I actually do. Which is to say I really don't.
And, One other thing If https was Once the "Black Tie for fancy Money transactions" (As it should remain so!), what are we going to replace it with, when https becomes the New Black? Its already known that https, and SSLs can't be fully trusted anymore. Sure Patches were published, and some may have even gone outta there way to install these. However its the Ones that haven't that scare the daylights outta me.