Re: [dev] TLS / HTTPS support

From: ilf <>
Date: Fri, 1 Sep 2017 10:15:24 +0200

No, I am serious. Users, who think HTTPS sucks, shouldn't use HTTP
euther, because that sucks, too. The choice shouldn't be HTTPS or HTTP,
but HTTPS or Gopher. But please let HTTP die.

In the current setup, users who type the domain into their
URL get HTTP cleartext. I think these users should get HTTPS.

And what about old external links to the site, they are currently 100%
HTTP, too. Without a redirect, HTTP will continue ti be used by many
users although many would rathet use HTTPs - or don't care.

OTOH, I have yet to read a valid example which software "breaks" with a
HTTP to HTTTPS redirect. I assume, it's very little software and
probably easily fixable - or should just die.

Anselm R Garbe:
>> If you can't speak TLS, then use gopher instead of HTTP. I hear HTTP
>> sucks, too.
> Come on, isn't this a contradiction to your always redirect approach?
> gopher is almost dead and doesn't provide any advantage over HTTP in
> terms of MIM prevention.
> I agree with hiro to let the user decide if he sticks to http or
> https, but that we shouldn't mandate https.

Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
		-- Eine Initiative des Bundesamtes für Tastaturbenutzung

Received on Fri Sep 01 2017 - 10:15:24 CEST

This archive was generated by hypermail 2.3.0 : Fri Sep 01 2017 - 10:24:30 CEST