2 Nov
2010
2 Nov
'10
5:15 a.m.
On Thu, 28 Oct 2010 09:56:27 +0200 Pierre Schmitz <pierre@archlinux.de> wrote:
[...]
In general I think it's a good idea that we now use https for most sites and we shouldn't discuss about if that is sane or not but why are some clients unable to handle it.
This just popped into my feedreader: http://utcc.utoronto.ca/~cks/space/blog/web/HttpToHttpsRedirectionBad In general I'm a big fan of https-only websites, but the article has some valid points nonetheless. There seems to be no *good* way to balance convenience and security in this matter. Perhaps if browser makers started to try https first when given no protocol, but that's probably never gonna happen. -- Alexander Duscheleit <jinks@archlinux.us>