A fascinating conversation about the birth and development of SSL, and how it might have lost its way. I find it very interesting that while there have been a few updates to SSL technology — such as bidding good riddance to the MD5 hash — most have simply been aesthetic or administrative changes to attempt to focus more on that secure connection between two points (i.e., reducing the chance of MITM). I’m thinking particularly of EV SSL, which boasts a more robust vetting process from the CA and the “unspoofable” green URL bar — which are really just attempts to allow good ol’ SSL to do its job with more efficiency. And I agree that it’s occasionally over-sold as a data protector, but the sheer number of phishing scams exploiting unknowledgeable users out there suggests that most folks aren’t quite sure what SSL does or how to recognize that it’s doing its job. Hopefully shifts in the technology (EV SSL included) will help remedy that.