Re: [Lynx-dev] TLS-"transport layer security" & LYNX
2018/07/24 04:14 ... David Woolley: In particular, having a non-HTTPS site will result in appearing a long way down the Google search results. I try'd that with a Google-search for something local to me, "toledo lucas public library" and did not see that effect, but saw something doubtless most of you know, that every link in the answer points to Google. (I usually use Duckduckgo.) ___ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev
Re: [Lynx-dev] TLS-"transport layer security" & LYNX
Mouse dixit: >Because there is no technical difference between that and a cert for >*.com or *.qc.ca: there is no way to tell, when presented with the >cert, whether everything covered by it is under common administration. Except the asterisk does not match a dot. So *.com would be valid for example.com but not www.example.com. CAs are a critical failure point anyway… I recall posting to this list a suggestion that lynx could remember server certificates, what others, a decade or so later, now call HPKP IIRC. bye, //mirabilos -- Stéphane, I actually don’t block Googlemail, they’re just too utterly stupid to successfully deliver to me (or anyone else using Greylisting and not whitelisting their ranges). Same for a few other providers such as Hotmail. Some spammers (Yahoo) I do block. ___ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev
Re: [Lynx-dev] TLS-"transport layer security" & LYNX
>>> protection from the NSA and other governments and companies >> _That_ protection was blown when the first wildcard cert was issued > If I own example.com and I get a cert for *.example.com how is that > insecure? Because there is no technical difference between that and a cert for *.com or *.qc.ca: there is no way to tell, when presented with the cert, whether everything covered by it is under common administration. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTMLmo...@rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B ___ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev
Re: [Lynx-dev] TLS-"transport layer security" & LYNX
On Sat, 28 Jul 2018 11:53:59 -0400 (EDT) Mouse wrote: > >>> [...] webservers that refuse to serve anything over HTTP except a > >>> redirect to HTTPS. > >> They are just following an industry trend orchestrated by Google. > >> [...] > >> It's difficult to get a good explanation for the policy, [...] > > The reason that https is being mandated is so that everyone has > > protection from the NSA and other governments and companies > > _That_ protection was blown when the first wildcard cert was issued - > or, if you think of it another way, when support for wildcard certs was > implemented. If I own example.com and I get a cert for *.example.com how is that insecure? I've read things like what you've wrote above before and there is always that little detail missing... > > manipulating connections, blocking connections that are deemed > > "unwanted / illegal / etc.", and spying on user agents. > > That's all very well, and I'm glad it's available. My beef is with > webservers imposing it on clients, rather than letting clients choose. The idea is that if the webserver does not impose it the client will not get the choice because of the gov./etc., thus the choice is imposed on all for those whose clients would not get the choice. It is a trade off. "The needs of the few outweigh the needs of the many." -- Star Trek, when Spock's logic got reversed to justify saving his life. Sincerely, David ___ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev
Re: [Lynx-dev] lynx and duckduckgo
On Sun, Jul 29, 2018 at 12:08 PM, Jude DaShiell wrote: > It works better than google. No invalid cookie prompt with every search. > One thing has me puzzled though about lynx. Why put questions in the > options section where values cannot be changed by users? This invalid > cookies question has an (!) mark on its line. If a user can adjust this > with a command line option that's reasonable otherwise doesn't it make > more sense to keep all of that configuration in /etc/lynx.cfg? in lynx.cfg there is a setting to enable user changes to those settings, and the Options page will save them for the lynx user look for lines like this, uncomment and set to "ON" #ENABLE_LYNXRC:SEND_USERAGENT:OFF ___ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev
[Lynx-dev] lynx and duckduckgo
It works better than google. No invalid cookie prompt with every search. One thing has me puzzled though about lynx. Why put questions in the options section where values cannot be changed by users? This invalid cookies question has an (!) mark on its line. If a user can adjust this with a command line option that's reasonable otherwise doesn't it make more sense to keep all of that configuration in /etc/lynx.cfg? -- ___ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev