Does my site need HTTPS?
Find out if your site needs HTTPS.
(Hint: it does)
@ScottMortimer
> "Look, this discussion isn't about PKI"
@ScottMortimer
> It's on cjdns
@ScottMortimer
One genuine question, is there a point in doing that if the downloaded file will be immediately verified (with e.g. GPG or signify-openbsd)? It seems redundant to verify the connection when the result will be checked anyway (so it already can't be tampered with).
The public keys would obviously be shared over HTTPS.
DISAGREE.
@ScottMortimer
If you are so scared of ads being injected into your favorite http website, don't visit it in compromised networks.
@ScottMortimer @sirjofri This site is mostly fine (I dislike the tone of these things; responding to people as though they’re dumb isn’t great), but disagree with "At least I can still serve my site over both HTTP and HTTPS." on both technical and philosophical grounds.
I’ll skip the philosophical, since this site wants to pretend it’s all objective. Technically: frequently unnecessary, makes debugging harder, makes sites less accessible; see Eric Meyer’s writeup: https://meyerweb.com/eric/thoughts/2018/08/07/securing-sites-made-them-less-accessible/
@a @ScottMortimer @sirjofri Server-client architecture in general isn't great for local caching. Those with slow connections would probably benefit more from tech like NDN than from anything piled onto TCP/IP.
( https://named-data.net/ )
@csepp @a @ScottMortimer well, in my plan 9 system I can have one central server that runs the webfs and does local caching. I can connect with many clients, mount that webfs and use that. Technically all browsers are the same client on the same machine. Of course privacy is a different story then, but the browser doesn't need to know about encryption at all
@ScottMortimer@infosec.exchange why does this send me to a different domain that's in french and the "english" button does nothing?...