I’m astounded to see people still arguing “my site doesn’t need HTTPS” so I’ll put it simply: either spend a few mins putting it on your site now or continually explaining to your visitors why your site is not “not secure” until you end up doing it anyway. It’s not a negotiation.
-
I tell people to resist this attitude. I tell them one day you will upset someone...and it won’t be huge but more like people who think you shouldn’t write articles about blue bikes. Then the upset won’t come to you but your CA, and they will revoke it. What do you do for speech?
-
Why don’t people care what happens when a small handful of companies can shut down websites at will by revoking certs?
-
http://stripe.ian.sh ? Revocation is a problem. Browsers should probably remove CRL support so the only way to revoke is not to renew, leaving unfairly revoked sites 3 months to get a new cert provider.
-
Replying to @syberghost @troyhunt and
Yes because it got new certificates. Multiple times. But unwarranted revocation puts a site effectively offline until they can obtain a new cert.
-
Replying to @RichFelker @troyhunt and
That site was using intentionally-misleading EV certs to demonstrate that EV is stupid. Everybody who doesn't sell EV certs for a living agrees that EV is stupid. This has nothing to do with using HTTPS instead of HTTP.
-
Replying to @syberghost @troyhunt and
Agreed, but it shows that there are irresponsible CAs revoking certs & that it's a real-world risk. I don't see this as an argument against https/dropping-plain-http, but it's a problem that needs to be solved.
-
Need for cert adds an additional layer (on top of domain registrar, dns, hosting) where the powerful can exercise influence to get a site taken offline.
-
Replying to @RichFelker @syberghost and
You haven't heard of Let's Encrypt, have you?