[aur-general] aur website default ssl
Alexander Duscheleit
jinks at archlinux.us
Tue Nov 2 01:15:49 EDT 2010
On Thu, 28 Oct 2010 09:56:27 +0200
Pierre Schmitz <pierre at archlinux.de> wrote:
> [...]
>
> In general I think it's a good idea that we now use https for most
> sites and we shouldn't discuss about if that is sane or not but why
> are some clients unable to handle it.
>
This just popped into my feedreader:
http://utcc.utoronto.ca/~cks/space/blog/web/HttpToHttpsRedirectionBad
In general I'm a big fan of https-only websites, but the article has
some valid points nonetheless. There seems to be no *good* way to
balance convenience and security in this matter. Perhaps if browser
makers started to try https first when given no protocol, but that's
probably never gonna happen.
--
Alexander Duscheleit <jinks at archlinux.us>
More information about the aur-general
mailing list