Re: [dev] suckless.org TLS / HTTPS support
On 31 August 2017 at 14:45, hiro <23hiro_AT_gmail.com> wrote:
> Now we have something much worse: letsencrypt and this completely
> insecure http redirection snake-oil.
>
> With letsencrypt you now have to put extra work (can't keep track of
> all the individual subdomains either, wildcards are suddenly a
> security risk?!), and nobody bothers to quanitfy the amount of gained
> security.
I don't really mind letsencrypt (actually I wouldn't mind to make a
deal with HonestAchmed or his cousin -- we can all trust them, because
the uncle of a friend is his step brother and knows the family very
well ;)), but I'm also a sceptic of HSTS.
Where do we really have a downgrade risk? In the content suckless
offers, this can be solved by using relative or non-protocol hrefs
everywhere. I wouldn't mind if existing external links are not
redirected, during time external references will adopt slowly.
BR,
Anselm
Received on Thu Aug 31 2017 - 15:07:11 CEST
This archive was generated by hypermail 2.3.0
: Thu Aug 31 2017 - 15:12:24 CEST