[aur-general] aur website default ssl

Pierre Schmitz pierre at archlinux.de
Thu Oct 28 03:59:53 EDT 2010


On Thu, 28 Oct 2010 03:13:42 -0400, Kaiting Chen <kaitocracy at gmail.com>
wrote:
>> Pierre,
>> How is sending publicly available information unencrypted insecure? It
>> does not warrant a need for additional security in the first place. If
>> someone wants to see what comments you post on a package they go look
>> at the package's page. They don't have to sniff your traffic. I am
>> secure in my AUR traffic's triviality.
>>
>> How is https for logins inconvenient for users? Forwarding between
>> http and https happens transparently on every major website. Most
>> people wouldn't know it was happening if it wasn't for the padlock
>> graphic. Many still don't.
> 
> 
> True story; and a lot of server resources would be saved by not having to
> encrypt information that doesn't need to be encrypted.

That's wrong. See for example
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html. About 1%
CPU overhead is not worth talking about. In fact it would be a lot more
work and possibly insecure to not just encrypt everything but
selectively.

-- 
Pierre Schmitz, https://users.archlinux.de/~pierre

