On 2018-02-06, Daniel Ouellet <dan...@presscom.net> wrote: > Come on guys. > > If you actually donate and click on any links there you would see it > bring you to a secure page. > > No need to have this one https type really there isn't any information > you enter on it... > > I guess the sand is way more think some places then others.... > > Must be nice beaches there and pretty bikini too I hope!
Just because some payment processors somehow manage to get that iframe-served-by-insecure-site crap through pci-dss doesn't mean it's safe. Pages redirecting/linking/posting to or <iframe>-embedding payment pages have just as high a security requirement as the payment pages themselves. You don't want them to be intercepted and modified. > On 2/6/18 1:03 PM, Charlie Eddy wrote: >> agreed - using HTTP instead of HTTPS is a great way to encourage that >> activity, and since I love having my head in the sand like an ostrich I >> encourage us to not encrypt the donation links to the most secure operating >> system available to the public. That way we can't donate securely to the >> foundation we support - the sand is great from down here If you don't trust the forms, you can use obsd-pay...@openbsdfoundation.org directly.
