I wonder why the suckless-websites are only available in HTTP, not in
HTTPS. In the age of letsencrypt.org, there aren't a lot of valid
excuses against TLS. Am I missing one from a suckless-philosopy? Or has
this just never been requested?
I for one would love to see unencrypted communications
On Sat, Sep 24, 2016 at 2:54 PM, ilf wrote:
> (Pardon if it's been discussed, I did not find it in the archives.)
http://lists.suckless.org/dev/1608/30016.html
From Anselm in that thread:
> This is on my TODO list for quite some time. Expect it to happen until
> end of this year.
On Sat, Sep 24, 2016 at 08:54:39PM +0200, ilf wrote:
> I wonder why the suckless-websites are only available in HTTP, not in HTTPS.
> In the age of letsencrypt.org, there aren't a lot of valid excuses against
> TLS. Am I missing one from a suckless-philosopy? Or has this just never been
> requested
On Sat, 24 Sep 2016 21:25:32 +0100
Joseph Graham wrote:
> On Sat, Sep 24, 2016 at 08:54:39PM +0200, ilf wrote:
> > I wonder why the suckless-websites are only available in HTTP, not
> > in HTTPS. In the age of letsencrypt.org, there aren't a lot of
> > valid excuses against TLS. Am I missing one
Mark Mendell:
This is on my TODO list for quite some time. Expect it to happen until
end of this year.
Good to hear. Thanks a lot!
--
ilf
Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
-- Eine Initiative des Bundesamtes für Tastaturbenutzung
signatu
On Sat, Sep 24, 2016 at 8:54 PM, ilf wrote:
> I wonder why the suckless-websites are only available in HTTP, not in HTTPS.
> In the age of letsencrypt.org, there aren't a lot of valid excuses against
> TLS. Am I missing one from a suckless-philosopy? Or has this just never been
> requested?
>
> I
On Sat, Sep 24, 2016 at 08:54:39PM +0200, ilf wrote:
> I for one would love to see unencrypted communications on the internet die.
HTTPS CA concept is broken in itself, then adds unwanted complexity.
The middle grounds would be:
- to self-sign suckless certificate
- use a properly
Sylvain BERTRAND:
HTTPS CA concept is broken in itself, then adds unwanted complexity.
X.509 is bad design, but we can leave that for people that really don't
know any different - and it's still better than unauthenticated
cleartext.
Everyone else - the suckless crowd - can use certificate
