On 23.04.21 08:36, Nicky Thomassen wrote:
But there is no need for that on a read-only site like Postfix'. In my opinion, anyway.
It's only a read-only site as long as there's no man in the middle attack injecting malicious code into the connection. There's too few people who disable things like Javascript by default, and that battle is well and truly lost as far as the general public is concerned, so we need defence in depth measures to protect people from their own laziness.
Setting up HTTPS is trivial to anyone technically competent, and browser vendors *know* they cannot require them to cost money, so they're overall a net positive.
OpenPGP_signature
Description: OpenPGP digital signature
