On Sat, 28 Jul 2018 11:53:59 -0400 (EDT) Mouse <[email protected]> wrote:

> >>> [...] webservers that refuse to serve anything over HTTP except a
> >>> redirect to HTTPS.
> >> They are just following an industry trend orchestrated by Google.
> >> [...]
> >> It's difficult to get a good explanation for the policy, [...]
> > The reason that https is being mandated is so that everyone has
> > protection from the NSA and other governments and companies
>
> _That_ protection was blown when the first wildcard cert was issued -
> or, if you think of it another way, when support for wildcard certs was
> implemented.

<snip>

If I own example.com and I get a cert for *.example.com how is that insecure? I've read things like what you've written above before and there is always that little detail missing...

> > manipulating connections, blocking connections that are deemed
> > "unwanted / illegal / etc.", and spying on user agents.
>
> That's all very well, and I'm glad it's available. My beef is with
> webservers imposing it on clients, rather than letting clients choose.

The idea is that if the webserver does not impose it the client will not get the choice because of the gov./etc., thus the choice is imposed on all for those whose clients would not get the choice. It is a trade-off.

"The needs of the few outweigh the needs of the many." -- Star Trek, when Spock's logic got reversed to justify saving his life.

Sincerely,
David
