Hi,
"Use HTTPS everywhere that supports it" is simple and actionable advice for the average person that will make them more secure.
There are applications and sites where HTTPS doesn't really help, but other than some unusual performance edge cases that are pretty rare in practice, it doesn't hurt.
I support that idea in principle, but one of our user stories is "I have a datacenter with a few thousand containers in it, so I want to redirect accesses to the local mirror to reduce external network traffic."
This is a use case where HTTPS does hurt, and where I can't think of any good mitigation strategies that wouldn't be worse from a security PoV than the status quo.
Simon
OpenPGP_signature
Description: OpenPGP digital signature
