
Textpattern CMS support forum


#1 2024-03-14 12:54:54

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,254

HTTPS & HTTP

Topic split to continue discussion; parent thread closed since testing was complete and the test URL was taken offline.

Vienuolis wrote #336755:

Why not leave the option of unencrypted access open these days?

For a number of reasons – it’s best practice, it’s expected, it reduces the attack surface for man-in-the-middle attacks, it’s no longer computationally expensive to offer, and a whole lot more.

Last edited by gaekwad (2024-03-14 14:34:42)


#2 2024-03-15 20:22:28

Vienuolis
Member
From: Vilnius, Lithuania
Registered: 2009-06-14
Posts: 310

Re: HTTPS & HTTP

gaekwad wrote #336906:

For a number of reasons – it’s best practice, it’s expected,

These reasons are not quite important really.

it reduces the attack surface for man-in-the-middle attacks,

I meant access to public webpages for unregistered readers, not for buyers, social members, or publishers from a back-end.

it’s no longer computationally expensive to offer

This is a key issue. Yes, Let’s Encrypt issues and renews certificates free of charge so far, and a few commercial registrars offer some (very limited) service for free. But LE is essentially a monopoly that can be bought at any time. And the current certification technology is expensive, constrained, and not available cheaply to every WWW publisher. Such dependence and reliance on monopolies is very dangerous for the future of a free internet. For example, after my death, or at least my illness, all my open publications would disappear from the internet within just three months.

