On Thu, 28 Oct 2010 03:13:42 -0400, Kaiting Chen <kaitocr...@gmail.com> wrote: >> Pierre, >> How is sending publicly available information unencrypted insecure? It >> does not warrant a need for additional security in the first place. If >> someone wants to see what comments you post on a package they go look >> at the package's page. They don't have to sniff your traffic. I am >> secure in my AUR traffic's triviality. >> >> How is https for logins inconvenient for users? Forwarding between >> http and https happens transparently on every major website. Most >> people wouldn't know it was happening if it wasn't for the padlock >> graphic. Many still don't. > > > True story; and a lot of server resources would be saved by not having to > encrypt information that doesn't need to be encrypted.
That's wrong. See for example http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html. About 1% cpu overhead is not worth talking about. In fact it would be a lot more work and possible insecure to not just encrypt everything but selectively. -- Pierre Schmitz, https://users.archlinux.de/~pierre