Thank you very much for your thorough reply, Daniel. There are plenty of people and organizations who insist HTTPS everywhere is > everywhere from downright evil down to inconvenient and inefficient. And > yes, there's certainly a price to pay for that level of security.
Again, I perfectly understand the whole point of HTTPS everywhere. It makes sense as soon as a packet goes over a public network. On private networks, it becomes arguable (see Is SSL terminated at a load balancer PCI compliant? <https://security.stackexchange.com/questions/43071/is-ssl-terminated-at-a-load-balancer-pci-compliant>), and on localhost, I fail to see how it could be a security risk. I'm all for a well-documented option with strong warnings, I'll see if I find the time (and have the skills) to implement it. Cheers, Benjamin
------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
