FRIGN wrote:
> Even if you use self-signed certificates on your server, which provide 0
> guarantee that the server you are contacting really is the "right" one, it
> still means the traffic itself is encrypted, with all benefits of it.

Heyho,

In our case it would do nothing. There is no "secret" data available through the suckless site, since there is no login mechanism, everything is publicly available. Therefore encryption does not help at all. I don't see any other possible benefits of encryption besides confidentiality.

What we want to achieve is authentication. We want to be sure the data received is actually from suckless.org and not from some random government's MitM. A self-signed certificate connection can still easily be attacked by a MitM if you don't establish trust in the used certificate and maintain it (pinning), which is hard without a CA or WoT.

--Markus
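The pinning point in the message above, as an added example that is not part of the original thread or any suckless.org code: a client-side pin check showing that without a pin obtained out of band, the first certificate seen is trusted whoever sent it. `PinStore`, `fingerprint` and `demo` are hypothetical names, and the certificate bytes are constructed stand-ins for DER data.

```python
import hashlib
import hmac

def fingerprint(cert_der: bytes) -> str:
    """Hex SHA-256 over the DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()

class PinStore:
    """Hypothetical in-memory store mapping host -> pinned fingerprint."""
    def __init__(self, preloaded=None):
        self.pins = dict(preloaded or {})

    def check(self, host: str, cert_der: bytes) -> str:
        seen = fingerprint(cert_der)
        pinned = self.pins.get(host)
        if pinned is None:
            # No CA, no WoT, no prior pin: nothing to compare against,
            # so the presented certificate is accepted and remembered.
            self.pins[host] = seen
            return "trusted-on-first-use"
        return "match" if hmac.compare_digest(pinned, seen) else "mismatch"

# Constructed stand-ins. In a real client the bytes would come from
# ssl.SSLSocket.getpeercert(binary_form=True).
SERVER_CERT = b"constructed: the site's self-signed certificate"
MITM_CERT = b"constructed: certificate presented by an interceptor"
HOST = "suckless.org"

def demo() -> dict:
    results = {}
    # Case 1: no pin established; the interceptor is present at first contact.
    tofu = PinStore()
    results["first_use_mitm"] = tofu.check(HOST, MITM_CERT)
    # The genuine server is now the one that looks wrong.
    results["first_use_then_real"] = tofu.check(HOST, SERVER_CERT)
    # Case 2: fingerprint was obtained over a trusted channel beforehand.
    pinned = PinStore({HOST: fingerprint(SERVER_CERT)})
    results["pinned_mitm"] = pinned.check(HOST, MITM_CERT)
    results["pinned_real"] = pinned.check(HOST, SERVER_CERT)
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Both cases use an encrypted channel; only the second authenticates the server, and it depends on distributing and maintaining the pin by some trusted means.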
