[TUHS] unix "awesome list"
Grant Taylor
gtaylor at tnetconsulting.net
Wed May 9 05:54:26 AEST 2018
On 05/08/2018 01:37 PM, Dave Horsfall wrote:
> I'll bet my website (about a few feet away from me) is smaller still :-)
Props for hosting your own site.
> But yeah. I've been told that I *need* HTTPS, even though the damned
> site is purely passive...
I think /need/ may be a strong word.
I *strongly* believe in the various cache ability aspects of unencrypted
HTTP.
That being said, I understand and believe in the two following reasons
for supporting encrypted HTTPS:
1) Encryption (from a verifiable source) makes it next to impossible
for malicious actors to inject things into your site's traffic. (Think
about the various JavaScript injection techniques used for ads /
tracking / malware / crypto mining / etc.)
2) Creating more noise for someone with higher value signal to hide in
when they really need to.
Finally, things like Let's Encrypt and other free cert providers make it
much less expensive to use encrypted HTTPS.
I'm perfectly fine with people running unencrypted HTTP and encrypted
HTTPS side by side. Even if you don't do a redirect from unencrypted
HTTP to encrypted HTTPS.
It's really up to each site administrator. I'm 60% for and 40% against
encrypted HTTPS everywhere.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20180508/fbee360f/attachment.bin>
More information about the TUHS
mailing list