On Sun, Oct 20, 2024 at 11:16:23PM +0100, Chris Narkiewicz via Mutt-users ([email protected]) wrote:
> On Sat, Oct 19, 2024 at 04:39:39PM +0300, Sophoklis Goumas wrote: > > How come there is there is no availability for HTTPS? > Given the public and static nature of the page, the author > probably doesn't see a point. Https is not just for encryption but also and perhaps more importantly authentication. In particular, http sites are more vulnerable to DNS poisoning (spoofing) attacks, where blackhats direct the traffic to their own website that spreads malware &c. For that purpose it's all the better to have a public and static site. I'm not overly concerned about that with mutt.org though, mainly because mutt is not all that popular and there probably isn't so much traffic there to make such an attack worthwhile. -- Tapani Tarvainen
