Re: OpenBSD !HTTPS websites - why?

2018-01-24 Thread who one
has been issued, reducing your attack window, but increasing the management overhead. ### > Sent: Monday, January 15, 2018 at 1:37 PM > From: "Stuart Henderson" <s...@spacehopper.org> > To: misc@openbsd.org >

Re: OpenBSD !HTTPS websites - why?

2018-01-17 Thread Stuart Henderson
On 2018-01-17, Jonathan Sélea wrote: > This is a cryptographically signed message in MIME format. > > --ms07080900080004080102 > Content-Type: text/plain; charset=utf-8 > Content-Transfer-Encoding: quoted-printable > Content-Language: en-US > > Well, I can find

Re: OpenBSD !HTTPS websites - why?

2018-01-17 Thread Jonathan Sélea
Well, I can find some under "Donations", but thoose are using HTTPS already. If I missed some, please correct me On 01/17/18 14:06, Stuart Henderson wrote: > On 2018-01-17, Jonathan Sélea wrote: >> This is a cryptographically signed message in MIME format. >> >>

Re: OpenBSD !HTTPS websites - why?

2018-01-17 Thread Stuart Henderson
On 2018-01-17, Jonathan Sélea wrote: > This is a cryptographically signed message in MIME format. > > --ms000907050408000400030908 > Content-Type: text/plain; charset=utf-8 > Content-Transfer-Encoding: quoted-printable > Content-Language: en-US > >

Re: OpenBSD !HTTPS websites - why?

2018-01-17 Thread Jonathan Sélea
openbsdfoundation.org redirects to http://www.openbsdfoundation.org, port 443 is not even open. On 01/17/18 10:18, Stuart Henderson wrote: > On 2018-01-15, Jonathan Sélea wrote: >> I can't really find a form on any of those websites so SSL/TLS does not >> really matter in

Re: OpenBSD !HTTPS websites - why?

2018-01-17 Thread Stuart Henderson
On 2018-01-15, Jonathan Sélea wrote: > I can't really find a form on any of those websites so SSL/TLS does not > really matter in this case. There is on openbsdfoundation.org.

Re: OpenBSD !HTTPS websites - why?

2018-01-15 Thread Jonathan Sélea
Hi, I can't really find a form on any of those websites so SSL/TLS does not really matter in this case. The only thing SSL/TLS will do is to improve CEO and load times ( if http/2 and brotli is not implemented). And as Allan said LE is not a good alternative either. With that being said - HTTPS

Re: OpenBSD !HTTPS websites - why?

2018-01-15 Thread Allan Streib
who one writes: > 70% of the websites in the world uses HTTPS: https://letsencrypt.org/stats/ , > see "Percentage of Web Pages Loaded by Firefox Using HTTPS". If OpenBSD is > security oriented, HTTPS should be de facto. Letsencrypt is possibly not the best example to

Re: OpenBSD !HTTPS websites - why?

2018-01-15 Thread chohag
"who one" writes: > Hello, > > http://www.openbsdfoundation.org/ > http://firmware.openbsd.org/firmware/ > > When can we have HTTPS connection on these websites? > > What website remains that doesn't have HTTPS yet and related to OpenBSD? > > Security should be in layers, HTTPS is one

Re: OpenBSD !HTTPS websites - why?

2018-01-15 Thread Stuart Henderson
On 2018-01-15, who one wrote: > Hello, > > http://www.openbsdfoundation.org/ > http://firmware.openbsd.org/firmware/ > > When can we have HTTPS connection on these websites? > > What website remains that doesn't have HTTPS yet and related to OpenBSD? > > Security should be