It is surprising, since I remember Ilya Grigorik made a talk about TLS during the first ever nginx conf in 2014: https://www.youtube.com/watch?v=iHxD-G0YjiU https://istlsfastyet.com/
Thus, there is no reason for not going full-HTTPS in delivering Web pages. --- *B. R.* On Fri, Aug 19, 2016 at 9:21 PM, Richard Stanway <r1ch+ng...@teamliquid.net> wrote: > Hello, > I noticed that the PGP key used for signing the Debian release packages > recently expired. I went to download the new one and noticed that > nginx.org wasn't using HTTPS by default. Manually entering a https URL > works as expected, although some pages have hard coded http links in them. > > Is there a reason that the website isn't using HTTPS and STS / HPKP? It > would help mitigate potential MITM attacks especially on precompiled > binaries and PGP key downloads. > > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
