Oddbean new post about | logout
 Actually, come to think of it .. static content is easily copied, so SSL/TLS's authenticity verification is not so meaningful, the normal case validates the domain only. But then, the content could easily be copied and hosted from another domain, which can just as easily have a valid cert.