>mom revoked the fridge's TLS cert
>>84466549It's kinda dumb for pure static html sites that you don't send any data to anyway. I would allow it on such a site to make it compatible with older systems. But in all other cases the server should probably force HTTPS.
>>84466695This may come as a complete fucking surprise to you, but you always send data to retrieve data.
The WWW should have been fully encrypted from day one.Why do people think routing non-encrypted communications through various unknown 3rd parties is ever acceptable?
>>84467110nah it's bloat.
>>84466549I block port 80 (outgoing).
>>84466601>mom requires me to trust her self-signed CA certificate
>stonetoss.com's cert STILL hasn't been renewed
>>84467030I mean an actual payload. Something you would use a POST for, like writing a post on here. If you have a completely static html page like software documentation you don't need to force encryption. You should offer encryption for anyone who wants to use it but can offer http as a fallback without risking much. Of course separated from anything a user actually interacts with like a forum, there hsts should be enabled. But you understood that perfectly well, you just wanted to be a smartass.
>>84467274That is not what bloat means
>>84467110Considering how bad cryptography, and computational speed, was in the 80's I can't say I'm surprised that plaintext HTTP became the de-facto standard. But nowadays there's no reason not to encrypt everything.>>84466695HTTPS does nothing to protect you from whatever the server wants to do with your transaction data, it protects you from eavesdroppers on the network between yourself and the server.
>>84467505attackers could still inject a HTTP 301 redirect to whatever spoof site or change informationI get the point about fallbacks and old systems though
>>84466549They fucked my kindle keyboard 3s browser. I hate the certificate jews so much. Fuck your security i never asked for this
>>84467612>HTTPS does nothing to protect you from whatever the server wants to do with your transaction data, it protects you from eavesdroppers on the network between yourself and the server.And that's all it's supposed to do, where's the problem? A protocol for transport security shouldn't try to do more than transport security.But do you really need to protect docs.domain.com from eavesdropping when it's just some manual? Everyone who can the metadata could just to the website and read it himself. Sure, https would make it harder to know what part of the site someone is viewing but that can be a user choice. Making https the default while allowing http would be enough.>>84467622>attackers could still inject a HTTP 301 redirect to whatever spoof site or change informationYes, that's why not offering https at all is a dick move. Sometimes it's really critical but sometimes you can just leave it to the user.
>>84467463Ah, so this is why the frogs have suddenly turned against encrypted connections.
>>84466549I set HSTS with TLS v1.3 only just to fuck over BSDcucks and muh retro fags on my static html website.
>>84466549>UDP over HTTPS