On Tue, 24 Jul 2018 09:14:25 +0100 David Woolley <for...@david-woolley.me.uk> wrote: > On 24/07/18 01:31, Mouse wrote: > > Actually, in my case, it's the fault of webservers that refuse to > > serve anything over HTTP except a redirect to HTTPS. I neither have > > nor want HTTPS support. > > > > They are just following an industry trend orchestrated by Google. In > particular, having a non-HTTPS site will result in appearing a long way > down the Google search results. Most sites are either their to sell > something, or to sell people to advertisers, so they want a good google > ranking. > > Even when the contents is the primary reason for the site, hosting > costs have to be paid, and that is often done by advertising. > > It's difficult to get a good explanation for the policy, but my guess > is that is the number of people accessing from mobile devices using > public hot spots.
The reason that https is being mandated is so that everyone has protection from the NSA and other governments and companies (and I have personally, and frequently encountered all of the above, here in the US), manipulating connections, blocking connections that are deemed "unwanted / illegal / etc.", and spying on user agents. "Illegal" often has nothing to do with traditional (i.e. Christian), morality and more to do with the ruling classes desire not to face any dissension from exterior sources. Thus governments and companies are faced with the choice of either blocking the whole domain or non at all. And connection manipulation becomes impossible, but that does not stop US companies and the government from manipulating anything that is not encrypted. If a site offers both http and https then the US government will actually go as far as blocking the https version. I am referring to the US libraries here. This is not to mention the "sign on" pages that you encounter when you visit any number of "open" wifi access points. All that being said, I'd be interested in knowing what Thorsten Glaser was talking about with respect to TLS 1.3. I though, perhaps somewhat naively, that all headers, cookies, and the resource(s) you are requesting are encrypted thus nothing could be leaked / manipulated / or affected during the session. The best an adversary could do was guess what you asked for. Sincerely, David _______________________________________________ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev