Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Pages: 1
HTTPS & HTTP
Topic split to continue discussion, parent thread closed since testing was complete and test URL was taken offline.
Vienuolis wrote #336755:
Why not leave the option of unencrypted access open these days?
For a number of reasons – it’s best practice, it’s expected, it reduces the attack surface for man in the middle attacks, it’s no longer computationally expensive to offer, and a whole lot more.
Last edited by gaekwad (2024-03-14 14:34:42)
Offline
Re: HTTPS & HTTP
gaekwad wrote #336906:
For a number of reasons – it’s best practice, it’s expected,
These reasons are not quite important really.
it reduces the attack surface for man in the middle attacks,
I meant access of public webpages for unregistered readers, not for buyers, social members, or publishers from a back-end.
it’s no longer computationally expensive to offer
This is a key issue. Yes, Let’s Encrypt issues and renews certificates free of charge so far, a few of commercial registrars offer some (very limited) service for free. But LE is essentially a monopoly that can be bought at any time. And the current certification technology is expensive, constrained, and not available cheaply to every WWW publisher. Such dependence and reliance on monopolies is very dangerous for the future of a free internet. For an example, after my death, or at least my illness, all my open publications would disappear from the internet within just three months.
Offline
Pages: 1