In the current setup, users who type the domain suckless.org into their URL get HTTP cleartext. I think these users should get HTTPS.
And what about old external links to the site, they are currently 100% HTTP, too. Without a redirect, HTTP will continue ti be used by many users although many would rathet use HTTPs - or don't care.
OTOH, I have yet to read a valid example which software "breaks" with a HTTP to HTTTPS redirect. I assume, it's very little software and probably easily fixable - or should just die.
Anselm R Garbe:
If you can't speak TLS, then use gopher instead of HTTP. I hear HTTP sucks, too.Come on, isn't this a contradiction to your always redirect approach? gopher is almost dead and doesn't provide any advantage over HTTP in terms of MIM prevention. I agree with hiro to let the user decide if he sticks to http or https, but that we shouldn't mandate https.
--
ilf
Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
-- Eine Initiative des Bundesamtes für Tastaturbenutzung
signature.asc
Description: PGP signature
