On Sat, 6 Aug 2011 12:26:53 +0200, Lukas Fleischer wrote:
* Because there might be sucky applications on crappy embedded devices that do not support HTTPs (although I doubt there's actually a lot of these).
OK, let's say this is not a valid argument.
* Because there's some overhead.
For our site this would be barely measurable and definitely not noticeable.
* I know these aren't strong arguments, but even having no real reason against encryption doesn't mean that we should disable HTTP if there's no real objection against using HTTP with reason as well.
There are quite a lot of reasons for using https. And even unsure, one should prefer https as it improves security in some cases and in worst case wont have any real downside. I have found some other article (including nmore links) which might be interesting to read: https://www.eff.org/pages/how-deploy-https-correctly -- Pierre Schmitz, https://users.archlinux.de/~pierre