Em 08-12-2015 16:24, Michael McConville escreveu: > There are still some privacy benefits to using HTTPS. It will confound a > lot of simple filtering and monitoring software, and what you're reading > on the site is pretty obfuscated. It also helps security on sketchy > networks. > > HTTPS isn't a perfect solution, but it's something. Especially when ISPs > are starting to inject beacons into HTTP requests and more closely > observe usage. > > That said, I suspect none of the sysadmins have the time or interest, > and that's understandable. I started a thread regarding TLS on the OpenBSD site some time ago, I think it was 2013. There was startcom at the time and I even offered to buy certs if the startcom certs weren't acceptable. I don't see why this changed with letsencrypt in town. There wasn't interest at the time, and I don't see why there will be now.
One of the main benefits of the TLS wouldn't only be to render impossible for anyone to know which pages you're accessing on the site, but also the fact that we would get a little more security getting the SSH fingerprints for the anoncvs servers. Having them in clear text as they are today, isn't very secure. Also, now that we have two free TLS certs providers, one can use HPKP and completely disregard the CA's, which is a security benefit. Cheers, Giancarlo Razzolini
