Fair point. As a technologist working in the developing world, this should matter more to me, but alas, my heart always cries "deploy hard crypto!". There is a compromise between the two somewhere...
In related news, today Google announced that Chrome 39 will disable SSLv3 fallback, and Chrome 40 will disable it entirely: https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/Vnhy9aKM_l4 And TLS1.0, which came after SSLv3 (despite the decrement), is 15 years old now! And even Windows XP supports TLS 1.0. Regards, On Tue, Oct 28, 2014 at 9:54 PM, Stuart Yeates <[email protected]> wrote: > > > I was shooting for always loading over HTTPS, as surely loading > ANYTHING we can > > over HTTPS should increase our users' security, ie jQuery, images, CSS, > etc... > > Yes, but only if you're assuming that only humans connect and all of them > use modern browsers with good https support. > > Many users in the developing world access on an array of kinds of hardware > and software that we would consider obsolete. Requiring the latest and > greatest web technologies to access our research isn't going to decrease > that development gap. > > Many tools, from plain server monitoring systems to reference checking > systems to fancy website thumbnail services just work better and more > reliably over http than https. > > cheers > stuart > -- Alan Orth [email protected] https://alaninkenya.org https://mjanja.ch "In heaven all the interesting people are missing." -Friedrich Nietzsche GPG public key ID: 0x8cb0d0acb5cd81ec209c6cdfbd1a0e09c2f836c0
------------------------------------------------------------------------------
_______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
