[a / b / c / d / e / f / g / gif / h / hr / k / m / o / p / r / s / t / u / v / vg / vm / vmg / vr / vrpg / vst / w / wg] [i / ic] [r9k / s4s / vip / qa] [cm / hm / lgbt / y] [3 / aco / adv / an / bant / biz / cgl / ck / co / diy / fa / fit / gd / hc / his / int / jp / lit / mlp / mu / n / news / out / po / pol / pw / qst / sci / soc / sp / tg / toy / trv / tv / vp / vt / wsg / wsr / x / xs] [Settings] [Search] [Mobile] [Home]
Board
Settings Mobile Home
/g/ - Technology

[Advertise on 4chan]


Thread archived.
You cannot reply anymore.


[Advertise on 4chan]


File: 1492.png (108 KB, 400x381)
108 KB
108 KB PNG
>HTTPS only
>>
>mom revoked the fridge's TLS cert
>>
>>84466549
It's kinda dumb for pure static html sites that you don't send any data to anyway. I would allow it on such a site to make it compatible with older systems. But in all other cases the server should probably force HTTPS.
>>
>>84466695
This may come as a complete fucking surprise to you, but you always send data to retrieve data.
>>
The WWW should have been fully encrypted from day one.
Why do people think routing non-encrypted communications through various unknown 3rd parties is ever acceptable?
>>
>>84467110
nah it's bloat.
>>
>>84466549
I block port 80 (outgoing).
>>
>>84466601
>mom requires me to trust her self-signed CA certificate
>>
>stonetoss.com's cert STILL hasn't been renewed
>>
>>84467030
I mean an actual payload. Something you would use a POST for, like writing a post on here. If you have a completely static html page like software documentation you don't need to force encryption. You should offer encryption for anyone who wants to use it but can offer http as a fallback without risking much. Of course separated from anything a user actually interacts with like a forum, there hsts should be enabled. But you understood that perfectly well, you just wanted to be a smartass.
>>
>>84467274
That is not what bloat means
>>
>>84467110
Considering how bad cryptography, and computational speed, was in the 80's I can't say I'm surprised that plaintext HTTP became the de-facto standard. But nowadays there's no reason not to encrypt everything.

>>84466695
HTTPS does nothing to protect you from whatever the server wants to do with your transaction data, it protects you from eavesdroppers on the network between yourself and the server.
>>
>>84467505
attackers could still inject a HTTP 301 redirect to whatever spoof site or change information

I get the point about fallbacks and old systems though
>>
>>84466549
They fucked my kindle keyboard 3s browser. I hate the certificate jews so much. Fuck your security i never asked for this
>>
>>84467612
>HTTPS does nothing to protect you from whatever the server wants to do with your transaction data, it protects you from eavesdroppers on the network between yourself and the server.
And that's all it's supposed to do, where's the problem? A protocol for transport security shouldn't try to do more than transport security.
But do you really need to protect docs.domain.com from eavesdropping when it's just some manual? Everyone who can the metadata could just to the website and read it himself. Sure, https would make it harder to know what part of the site someone is viewing but that can be a user choice. Making https the default while allowing http would be enough.
>>84467622
>attackers could still inject a HTTP 301 redirect to whatever spoof site or change information
Yes, that's why not offering https at all is a dick move. Sometimes it's really critical but sometimes you can just leave it to the user.
>>
>>84467463
Ah, so this is why the frogs have suddenly turned against encrypted connections.
>>
>>84466549
I set HSTS with TLS v1.3 only just to fuck over BSDcucks and muh retro fags on my static html website.
>>
File: UoH.gif (964 KB, 498x280)
964 KB
964 KB GIF
>>84466549
>UDP over HTTPS



Delete Post: [File Only] Style:
[Disable Mobile View / Use Desktop Site]

[Enable Mobile View / Use Mobile Site]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.