Hello, I stumbled upon this URL: https://https.git.savannah.gnu.org/git/ and was surprised by the double https.
Of course in a sane world, lexicographic order would have been respected, and we would have: https://org.gnu.savannah.git.https/git/ and no security problem... But unfortunately, some people at the beginning of computer networks (and systems) took always the worse option (by intent, by lack of knowledge?). But now https:// is masked in the URL bar in Firefox for example. So you see: https.git.savannah.gnu.org/git/ and you have to trust the server that it is indeed https, or check the funny shield. But wait, Firefox has a shield icon for https, but it may be used also for "tracking protection". And I tested Chromium and Chromium displays no shield. So with chromium you need a manual check, and you may be fooled by the "https." prefix. Maybe there would be something else than "https" that could be possible like "protocolhttps". Ok it's verbose and redundant since the p in https already means that. But that would be less problematic in case of some kind of attacks where the user needs to be fooled visually to think he uses https and not http. Best regards, Laurent Lyaudet
