On Fri, Mar 09, 2012 at 07:11:19PM -0600, Daxter wrote:
> On Mar 9, 2012, at 15:37, Evan Daniel <eva...@gmail.com> wrote:
>
> > On Fri, Mar 9, 2012 at 4:21 PM, Florent Daigniere
> > <nextg...@freenetproject.org>
> >>
> >> I was wondering, do we have any good reason not to switch the various
> >> websites to HTTPS only? (with a 301 redirect on HTTP)
> >
> > I'm in favor of https only. The only real arguments against it are
> > probably server cpu load. I assume that given our traffic levels,
> > that's not likely to be an issue?
> >
> > Evan Daniel
>
> I'm all for HTTPS, but do we really want to outright *remove* functionality
> from the site? Sure, HTTP isn't secure and all "modern" web browsers support
> it. However, we would be making it harder for people to learn about Freenet
> and potentially try it out.
>

Why? You could still access it over HTTP... and be presented with a
(transparent) redirect to the secure version.

> In the end I think we should do what every major website does today: encrypt
> the important data and let the entire site be accessible securely, but don't
> force it onto people.
>
> -Daxter

It's very difficult to do and most websites do it wrong. You have to think
about mixed-content errors, cookie flags, ...

Sending credentials in cleartext like we do on the wikis, with no secure
alternative, is a disgrace.

Florent
_______________________________________________
Devl mailing list
Devl@freenetproject.org
http://freenetproject.org/cgi-bin/mailman/listinfo/devl
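
The three items named in this thread (a 301 redirect from HTTP to HTTPS, cookie flags, mixed content) can each be checked mechanically. The sketch below is an added example, not code from the thread or from the Freenet project; the host wiki.example.org, the cookie headers and the page are constructed sample data, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def redirect_ok(url, status, location):
    """True if a plain-HTTP request got a 301 to the same host and path over HTTPS."""
    src, dst = urlsplit(url), urlsplit(location or "")
    return (status == 301 and dst.scheme == "https"
            and dst.hostname == src.hostname and dst.path == src.path)

def cookies_missing_secure(set_cookie_headers):
    """Names of cookies whose Set-Cookie header lacks the Secure attribute."""
    missing = []
    for header in set_cookie_headers:
        pair, *attrs = [p.strip() for p in header.split(";")]
        if "secure" not in {a.split("=")[0].strip().lower() for a in attrs}:
            missing.append(pair.split("=", 1)[0])
    return missing

class _MixedContent(HTMLParser):
    """Collects http:// URLs in src, <link href> and <form action>; <a href> is navigation."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            loads = name == "src" or (tag, name) in {("link", "href"), ("form", "action")}
            if loads and value and value.lower().startswith("http://"):
                self.urls.append(value)

def mixed_content(html):
    """http:// URLs an HTTPS page would load or post to, in document order."""
    parser = _MixedContent()
    parser.feed(html)
    return parser.urls

# Constructed sample data (hypothetical host wiki.example.org), not captured traffic.
SAMPLE_COOKIES = ["session=abc123; Path=/; HttpOnly",
                  "prefs=dark; Path=/; Secure; HttpOnly"]
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="https://wiki.example.org/s.css">
<script src="http://wiki.example.org/login.js"></script></head>
<body><a href="http://example.org/">elsewhere</a>
<img src="//wiki.example.org/logo.png">
<form action="http://wiki.example.org/login" method="post"></form></body></html>"""

if __name__ == "__main__":
    print(redirect_ok("http://wiki.example.org/Main", 301, "https://wiki.example.org/Main"))
    print(cookies_missing_secure(SAMPLE_COOKIES))
    print(mixed_content(SAMPLE_PAGE))
```

A cookie set without Secure is still sent on any plain-HTTP request to the host, including the one that only receives the 301, which is why the redirect alone does not cover the cookie-flag point.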