ilf writes:
> In the current setup, users who type the domain into their
> URL get HTTP cleartext. I think these users should get HTTPS.

Just print a big ugly warning over HTTP: "HTTP is not supported. Update your bookmarks." It's the only step that will lead people both to change some of their old links to HTTPS and to keep them from creating new HTTP links. Automatic redirects are pointless because they don't lead users to more secure behavior yet can be MITMed. And if you're going to embrace a flawed-yet-beneficial protocol like HTTPS, you might as well go all the way.

--
Anthony J. Bentley