Reminder: HTTPS isn't encryption. It's encryption with delivery integrity assurance. The integrity it provides is why HTTP is being killed.
-
-
That's the dream, who knows.
-
More like a nightmare if we do that before code integrity is *actually* verified through code signing and not just transport encryption.
-
As-is the way people are being muscled over to HTTPS (for their own good, mind) is as much a handout to cloudflare as it is actually helpful
End of conversation
New conversation -
-
-
.
@RichFelker@SwiftOnSecurity if you do that you will cut out all soho devs and dom. routers/printers -
Anyone can add TLS trivially. This is 2017 not 1995. We have
@letsencrypt. -
.
@RichFelker@SwiftOnSecurity@letsencrypt backporting to existing devices might not be trivial
End of conversation
New conversation -
-
-
You might want to have a look at Subresource Integrity in the meantime:https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity …
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.