"who one" writes: > Hello, > > http://www.openbsdfoundation.org/ > http://firmware.openbsd.org/firmware/ > > When can we have HTTPS connection on these websites? > > What website remains that doesn't have HTTPS yet and related to OpenBSD? > > Security should be in layers, HTTPS is one additional layer. > > 70% of the websites in the world uses HTTPS: https://letsencrypt.org/stats/ , > see "Percentage > of Web Pages Loaded by Firefox Using HTTPS". If OpenBSD is security oriented, > HTTPS should be > de facto.
What security does exposing openbsd.org's public websites over https grant? What threat model is doing so, with all the extra work and extra opportunities for failure, supposed to circumvent? Security is not a flag you can toggle on or off. The x509-based PKI is a racket which I, for one, am glad openbsd has not succumbed to. This has been discussed ad nauseum. Matthew
