Giancarlo Razzolini <grazzol...@gmail.com> wrote: > It is really nice to finally see TLS on openbsd.org. How about redirecting > http to https?
I dislike the idea. For one, it does not stop a MITM by itself. In addition, enforced encryption makes it hard to cache and/or use proper http proxies with the site. Purely informative sites don't need TLS. The user can opt to use TLS if he thinks the content he needs to read is somehow sensitive, or configure his browser not to use the regular http version if he feels like doing that. A pure simple redirect does not add much to security unless the user takes extra steps - but if the user takes extra steps he does not need a redirect at all. -- OpenPGP Key Fingerprint: BB5A C2A2 2CAD ACB7 D50D C081 1DB9 6FC4 5AB7 92FA
