If you set the HSTS header for HTTPS connections, people will automtically redirected to HTTPS if they visited once. This would give an improved security because browsers would automatically redirect to HTTPS while you could still telnet/curl it without having to use HTTPS.
On 09/01/2017 04:52 PM, Anselm R Garbe wrote: > On 1 September 2017 at 10:15, ilf <i...@zeromail.org> wrote: >> No, I am serious. Users, who think HTTPS sucks, shouldn't use HTTP euther, >> because that sucks, too. The choice shouldn't be HTTPS or HTTP, but HTTPS or >> Gopher. But please let HTTP die. > > Gopher is long dead, only some retro-enthusiasts are running gopher > servers these days. I'm not against setting up gopher as an option, > but not for the price to disable HTTP GET (which is all that we need > after switching to git: and ssh: for code access). > >> In the current setup, users who type the domain suckless.org into their URL >> get HTTP cleartext. I think these users should get HTTPS. > > Why? If I connect to suckless.org 80 with telnet and type GET / > HTTP/1.0 I want to see plain text. > >> And what about old external links to the site, they are currently 100% HTTP, >> too. Without a redirect, HTTP will continue ti be used by many users >> although many would rathet use HTTPs - or don't care. > > I explained this already. If I see a http link I expect an http link. > External links will migrate to HTTPS slowly. > > -Anselm >
signature.asc
Description: OpenPGP digital signature
