Steffen Nurpmeso wrote in <20250818233921.k45lKNlI@steffen%sdaoden.eu>: |Vincent Lefevre wrote in | <[email protected]>: ||On 2025-08-18 14:45:51 +0000, Emery Hemingway wrote: ||> If you want https then there should be a browser option or plugin ||> to always try https before http. || ||That's still insecure: someone who controls the network can block ||https connections to some site, then redirect the http fallback to ||another site. | |That is then why Android Chrome screams loud about insecurity if |you do not publish those special DNS entries, even if HTTPS would |be doable. (I had a run on that on some IETF list because the |behaviour pisses me off, firefox simply does HTTPS, they could |scream when that is not doable maybe, you know.) |Having said that, emails is worse, and getting more so.
P.S.: i really think it is on purpose, but i could not find the context where he mentioned it; he cares for elder machines which cannot do TLS, if i recall correctly. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
