On Fri, Apr 28, 2017 at 9:14 PM, Andy Smith <a...@strugglers.net> wrote: > Hi Mark, > > I think Mozilla's position is reasonable since if you allow this > sort of thing to remain possible, nobody will fix anything. Broken > software will ship with instructions for the users to "just make an > exception". > > Would it be feasible to put a proxy in front of the HTTP-only > service, that consumes HTTP on its backend and exposes HTTPS on its > frontend? > > That way, the burden is on the administrator rather than the > end-user, which is probably a fairer division of labour.
I think this is spot on. Thank you. A quick search shows Apache modules mod_proxy and mod_ssl as a viable path. And with cheap single board computers preloaded with Debian and Apache, old gear stays economically viable. Cool. Your point about division of labor is well-taken. While I initially bridled at free software not being free, I understand that a publicly distributed browser has special responsibilities--especially when there exist secure solutions to a given problem just a little further afield. Mark
