On Sun, 7 Nov 2021 15:44:18 -0600, Joel C. Ewing wrote:
>    ...
>I'm amazed IBM doesn't yet automatically convert http protocol to https
>on all their websites, and hasn't yet changed all published links from
>http to https.
>
I'm amazed that if the user omits the scheme and types merely the
domain name Firefox defaults to (hidden) http, not https.

Firefox lately attempts to convert http to https but falls back to http on
failure.  The client can do that; the server can't.

Compatibility.  I suspect that conversion is done by a redirection
and the webmaster wishes to continue supporting old clients.

>Just out of curiosity I tried
>https://service.software.ibm.com/holdata/390holddata.html ,
>and it does actually work (good), but in Firefox you have to override an
>invalid security certificate (bad), ...
>
Might that be reported to IBM, which maintains a reputation for security?

(The embedded URLs to data files are explicitly https.)

> ... because the certificate at the
>service.software.ibm.com website server is apparently only valid for
>domains www.aix.software.ibm.com and aix.software.ibm.com, not for
>service.software.ibm.com .  Upon inspection, the certificate is
>obviously owned by IBM, so if you understand certificates you can feel
>confident that in this case a bad-certificate override is safe, but one
>should not be required to override security warnings.
>
>Maybe there are some obscure reasons IBM has to keep allowing http
>access, but an explicit https access should at least be correctly
>supported for all web content -- and that means having the proper
>security certificates in place.

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
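
The certificate name mismatch described in the quoted message, as an added example that is not part of the original thread: a simplified RFC 6125-style check of a requested host name against a certificate's subjectAltName DNS entries. The function names are hypothetical, the SAN list is constructed from the names quoted in the message, and the wildcard entry is an assumption used only to show the one-label rule.

```python
# Added example (not from the original thread): simplified RFC 6125-style
# matching of a host name against a certificate's subjectAltName DNS entries.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def san_matches(pattern: str, host: str) -> bool:
    """True if one SAN dNSName entry covers host.

    A '*' is honoured only as the entire left-most label and covers exactly
    one label, which is how browsers apply wildcard certificates.
    """
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h


def check_host(host: str, san_dns: list[str]) -> tuple[bool, str]:
    """Return (ok, reason) the way a client decides to warn or proceed."""
    for entry in san_dns:
        if san_matches(entry, host):
            return True, f"{host} matched SAN entry {entry}"
    return False, f"{host} not covered by SAN entries {san_dns}"


# Constructed from the names quoted in the message above.
QUOTED_SAN = ["www.aix.software.ibm.com", "aix.software.ibm.com"]

if __name__ == "__main__":
    for name in ("service.software.ibm.com", "aix.software.ibm.com"):
        print(check_host(name, QUOTED_SAN))
    # Assumption for illustration: a hypothetical wildcard entry would cover
    # the service host but not a name two labels deeper.
    print(check_host("service.software.ibm.com", ["*.software.ibm.com"]))
    print(check_host("www.aix.software.ibm.com", ["*.software.ibm.com"]))
```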
