On Sat, 6 Aug 2011 12:26:53 +0200, Lukas Fleischer wrote: > * Because there might be sucky applications on crappy embedded devices > that do not support HTTPs (although I doubt there's actually a lot of > these).
OK, let's say this is not a valid argument. > * Because there's some overhead. For our site this would be barely measurable and definitely not noticeable. > * I know these aren't strong arguments, but even having no real reason > against encryption doesn't mean that we should disable HTTP if there's > no real objection against using HTTP with reason as well. There are quite a lot of reasons for using https. And even unsure, one should prefer https as it improves security in some cases and in worst case wont have any real downside. I have found some other article (including nmore links) which might be interesting to read: https://www.eff.org/pages/how-deploy-https-correctly -- Pierre Schmitz, https://users.archlinux.de/~pierre
