Follow

Stupid question: if I host a webside over itty.bitty.site without SSL certificate, but with a hash at the end of the website, then the end-user could check the websites integrity and authentication against my GPG public key to prove that it hasn't been tampered with and was written by me.

What the end-user won't get is the TLS-encrypted connection and transfer of the website.

Am I getting it right?

· · Web · 0 · 0 · 0
Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.