@ScottMortimer@infosec.exchange why does this send me to a different domain that's in French and the "English" button does nothing?...
One genuine question, is there a point in doing that if the downloaded file will be immediately verified (with e.g. GPG or signify-openbsd)? It seems redundant to verify the connection when the result will be checked anyway (so it already can't be tampered with).
The public keys would obviously be shared over HTTPS.
If you are so scared of ads being injected into your favorite http website, don't visit it in compromised networks.
@ScottMortimer @sirjofri This site is mostly fine (I dislike the tone of these things; responding to people as though they’re dumb isn’t great), but disagree with "At least I can still serve my site over both HTTP and HTTPS." on both technical and philosophical grounds.
I’ll skip the philosophical, since this site wants to pretend it’s all objective. Technically: frequently unnecessary, makes debugging harder, makes sites less accessible; see Eric Meyer’s writeup: https://meyerweb.com/eric/thoughts/2018/08/07/securing-sites-made-them-less-accessible/
@csepp @a @ScottMortimer well, in my Plan 9 system I can have one central server that runs the webfs and does local caching. I can connect with many clients, mount that webfs and use that. Technically all browsers are the same client on the same machine. Of course privacy is a different story then, but the browser doesn't need to know about encryption at all.