Paul Menzel:
I understood it the way, that there might be programs not being able to deal with TLS.
The first version of SSL/TLS became a standard in 1999. TLS 1.2 is from 2008, over nine years ago: https://tools.ietf.org/html/rfc5246
Any software that can't deal with TLS is IMHO broken - and sucks.Really, cleartext is evil for many reasons: it lacks confidentiality, authenticity and integrity - and it opens many opportunities for downgrade scenarios.
The Snowden relevations have shown that the internet is under attack and technologists should actively work against that:
Pervasive Monitoring Is an Attack https://tools.ietf.org/html/rfc7258 Confidentiality in the Face of Pervasive Surveillance https://tools.ietf.org/html/rfc7624So please, let's try to move away from cleartext to encrypted connections. Offering HTTPS is a huge first step. But let's take another step and redirect HTTP to HTTPS. (Until it's time to finally turn of HTTP.)
Thanks.
--
ilf
Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
-- Eine Initiative des Bundesamtes für Tastaturbenutzung
signature.asc
Description: PGP signature
