From: gtaylor@tnetconsulting.net (Grant Taylor)
Subject: [TUHS] unix "awesome list"
Date: Tue, 8 May 2018 13:54:26 -0600 [thread overview]
Message-ID: <cf7cb033-8539-9a06-2a56-820d19800095@spamtrap.tnetconsulting.net> (raw)
In-Reply-To: <alpine.BSF.2.21.999.1805090533410.79090@aneurin.horsfall.org>
On 05/08/2018 01:37 PM, Dave Horsfall wrote:
> I'll bet my website (about a few feet away from me) is smaller still :-)
Props for hosting your own site.
> But yeah. I've been told that I *need* HTTPS, even though the damned
> site is purely passive...
I think /need/ may be a strong word.
I *strongly* believe in the various cache ability aspects of unencrypted
HTTP.
That being said, I understand and believe in the two following reasons
for supporting encrypted HTTPS:
1) Encryption (from a verifiable source) makes it next to impossible
for malicious actors to inject things into your site's traffic. (Think
about the various JavaScript injection techniques used for ads /
tracking / malware / crypto mining / etc.)
2) Creating more noise for someone with higher value signal to hide in
when they really need to.
Finally, things like Let's Encrypt and other free cert providers make it
much less expensive to use encrypted HTTPS.
I'm perfectly fine with people running unencrypted HTTP and encrypted
HTTPS side by side. Even if you don't do a redirect from unencrypted
HTTP to encrypted HTTPS.
It's really up to each site administrator. I'm 60% for and 40% against
encrypted HTTPS everywhere.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20180508/fbee360f/attachment.bin>
next prev parent reply other threads:[~2018-05-08 19:54 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-08 15:17 Noel Chiappa
2018-05-08 15:22 ` Warner Losh
2018-05-08 16:18 ` Arthur Krewat
2018-05-08 19:37 ` Dave Horsfall
2018-05-08 19:54 ` Grant Taylor [this message]
-- strict thread matches above, loose matches on Subject: below --
2018-05-07 18:22 A. P. Garcia
2018-05-07 21:10 ` Dave Horsfall
2018-05-07 21:53 ` Steve Johnson
2018-05-08 12:24 ` Theodore Y. Ts'o
2018-05-08 13:51 ` Bakul Shah
2018-05-08 14:53 ` Clem Cole
2018-05-08 15:23 ` Jon Steinhart
2018-05-08 15:31 ` Steve Johnson
2018-05-08 16:32 ` Clem Cole
2018-05-08 17:33 ` Theodore Y. Ts'o
2018-05-08 18:40 ` William Cheswick
2018-05-08 21:25 ` Bakul Shah
2018-05-08 21:15 ` Bakul Shah
2018-05-08 16:31 ` Michael Parson
2018-05-08 17:20 ` Larry McVoy
2018-05-08 17:49 ` Michael Parson
2018-05-08 20:48 ` Dave Horsfall
2018-05-08 17:53 ` Theodore Y. Ts'o
2018-05-07 21:54 ` Steve Nickolas
2018-05-08 8:14 ` Mutiny
2018-05-07 22:34 ` Andy Kosela
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cf7cb033-8539-9a06-2a56-820d19800095@spamtrap.tnetconsulting.net \
--to=gtaylor@tnetconsulting.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).