Re: [dev] https for suckless.org?

From: ilf <ilf_AT_zeromail.org>
Date: Sun, 25 Sep 2016 14:47:30 +0200

Sylvain BERTRAND:
> HTTPS CA concept is broken in itself, then adds unwanted complexity.

X.509 is bad design, but we can leave that for people that really don't
know any different - and it's still better than unauthenticated
cleartext.

Everyone else - the suckless crowd - can use certificate pinning.

-- 
ilf
Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
		-- Eine Initiative des Bundesamtes für Tastaturbenutzung

Received on Sun Sep 25 2016 - 14:47:30 CEST