Re: [dev] suckless.org TLS / HTTPS support

From: Anselm R Garbe <garbeam_AT_gmail.com>
Date: Thu, 31 Aug 2017 16:15:33 +0200

On 31 August 2017 at 15:36, Hiltjo Posthuma <hiltjo_AT_codemadness.org> wrote:
> On Thu, Aug 31, 2017 at 03:07:11PM +0200, Anselm R Garbe wrote:
>> well ;)), but I'm also a sceptic of HSTS.
>
> Can you explain why you are a sceptic of HSTS?

I'm a sceptic of using HSTS on suckless.org. I think it is superfluous.

I really prefer that website visitors perform a *conscious* transition
to https URLs of suckless.org (after learning about it in our news
feed that you wrote) rather than mandating the browser (which might
support HSTS) to perform some kind of a "magic" transition instead.
Actually the user might not notice at all if his browser supports
HSTS.

It's kind of an infantilization of the user.

Also I dislike the idea that browsers effectively share HSTS
information gathered in regular mode even in private (aka incognito)
mode (at least I read about this last time I looked into HSTS, which
is a while back).

BR,
Anselm
Received on Thu Aug 31 2017 - 16:15:33 CEST
