Re: [dev] https for suckless.org?

From: Sylvain BERTRAND <sylvain.bertrand_AT_gmail.com>
Date: Sun, 25 Sep 2016 14:29:56 +0200

On Sat, Sep 24, 2016 at 08:54:39PM +0200, ilf wrote:
> I for one would love to see unencrypted communications on the internet die.

HTTPS CA concept is broken in itself, then adds unwanted complexity.

The middle grounds would be:
        - to self-sign suckless certificate
        - use a properly distributed CA set of certificates in all "web"
          (what's left of it) browsers (or OSes) whose CA signs "en masse"
          certificates for everybody who wants one without asking questions.

Of course, the self-signing certificate will annoy anybody wanting to browse
suckless www as it usually triggers tons of warnings requiring user input (at
least the first time) or action even more annoying. And "standard" web browsers
present those self-signing certificate www sites as *EVIL THAT WILL EAT THE
WORLD*... or it's a cheap man-in-the-middle attack.

But, suckless www user target is not the "lambda" type then I guess it's fine. :)

The right(TM) answer _would_ be something like HTTPSSH (on port 666? :) ). Just
need proper RFCs to point on SSH tunnel specs and URL/port definitions. Kind of.

Cheers,

-- 
Sylvain
Received on Sun Sep 25 2016 - 14:29:56 CEST

This archive was generated by hypermail 2.3.0 : Sun Sep 25 2016 - 14:36:11 CEST