On 31 August 2017 at 14:45, hiro <23h...@gmail.com> wrote: > Now we have something much worse: letsencrypt and this completely > insecure http redirection snake-oil. > > With letsencrypt you now have to put extra work (can't keep track of > all the individual subdomains either, wildcards are suddenly a > security risk?!), and nobody bothers to quanitfy the amount of gained > security.
I don't really mind letsencrypt (actually I wouldn't mind to make a deal with HonestAchmed or his cousin -- we can all trust them, because the uncle of a friend is his step brother and knows the family very well ;)), but I'm also a sceptic of HSTS. Where do we really have a downgrade risk? In the content suckless offers, this can be solved by using relative or non-protocol hrefs everywhere. I wouldn't mind if existing external links are not redirected, during time external references will adopt slowly. BR, Anselm
