Re: [dev] suckless.org TLS / HTTPS support

From: Anselm R Garbe <garbeam_AT_gmail.com>
Date: Thu, 31 Aug 2017 15:07:11 +0200

On 31 August 2017 at 14:45, hiro <23hiro_AT_gmail.com> wrote:
> Now we have something much worse: letsencrypt and this completely
> insecure http redirection snake-oil.
>
> With letsencrypt you now have to put extra work (can't keep track of
> all the individual subdomains either, wildcards are suddenly a
> security risk?!), and nobody bothers to quantify the amount of gained
> security.

I don't really mind letsencrypt (actually I wouldn't mind to make a
deal with HonestAchmed or his cousin -- we can all trust them, because
the uncle of a friend is his step brother and knows the family very
well ;)), but I'm also a sceptic of HSTS.

Where do we really have a downgrade risk? In the content suckless
offers, this can be solved by using relative or non-protocol hrefs
everywhere. I wouldn't mind if existing external links are not
redirected, during time external references will adopt slowly.

BR,
Anselm
Received on Thu Aug 31 2017 - 15:07:11 CEST
