Follow

Does my site need HTTPS?

Find out if your site needs HTTPS.

(Hint: it does)

doesmysiteneedhttps.com/

@ScottMortimer@infosec.exchange why does this send me to a different domain that's in french and the "english" button does nothing?...

Security aside, google ranks sites with https higher than sites without all else being equal.

@ScottMortimer
One genuine question, is there a point in doing that if the downloaded file will be immediately verified (with e.g. GPG or signify-openbsd)? It seems redundant to verify the connection when the result will be checked anyway (so it already can't be tampered with).

The public keys would obviously be shared over HTTPS.

@ScottMortimer
If you are so scared of ads being injected into your favorite http website, don't visit it in compromised networks.

@ScottMortimer @sirjofri This site is mostly fine (I dislike the tone of these things; responding to people as though they’re dumb isn’t great), but disagree with "At least I can still serve my site over both HTTP and HTTPS." on both technical and philosophical grounds.

I’ll skip the philosophical, since this site wants to pretend it’s all objective. Technically: frequently unnecessary, makes debugging harder, makes sites less accessible; see Eric Meyer’s writeup: meyerweb.com/eric/thoughts/201

@a @ScottMortimer @sirjofri Server-client architecture in general isn't great for local caching. Those with slow connections would probably benefit more from tech like NDN than from anything piled onto TCP/IP.
( named-data.net/ )

@csepp @a @ScottMortimer well, in my plan 9 system I can have one central server that runs the webfs and does local caching. I can connect with many clients, mount that webfs and use that. Technically all browsers are the same client on the same machine. Of course privacy is a different story then, but the browser doesn't need to know about encryption at all

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.