Another step towards crowdfunding

Micah Lee micah at micahflee.com
Wed Dec 18 00:01:43 CET 2013


On 12/17/2013 02:59 AM, Werner Koch wrote:
> Well, browsers could first try to use https.  Would it help them to provide
> a SRV record for this?

The reason is because people often have different websites running on
port 443 than they do on port 80, and people also often have
non-browser-trusted certs.

For a prime example, check these two:

https://www.theguardian.com/
http://www.theguardian.com/

If the browser tried https first, everything would break, not to
mention if you click through the cert warning you just get a generic
"The page cannot be displayed" error page.

This is why HTTPS Everywhere needs thousands of intricate rulesets to
maximize the number of HTTPS requests, and do things like make cookies
use the secure flag.

>> If you want to fix this, you could make all incoming http traffic
>> respond with a 301 redirect to https.
> 
> I am not sure whether this helps.  If we eventually offer http download
> we could use https: for that instead.  There is also a plan to provide
> a hidden Tor service.

I think it would help. There's no reason that security software should
serve anything over port 80 besides 301 redirects to port 443.

> I hesitate to pay the highwaymen.

Yeah...

The problem is you're wanting to make GnuPG go mainstream but then you
end up with people seeing this: http://i.imgur.com/53nvUqm.png

-- 
Micah Lee
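
The "nothing on port 80 but 301 redirects to port 443" setup suggested in the message above, as an added example that is not part of the original post or any project's code. It is a WSGI app for the port-80 listener; the hostnames in ALLOWED_HOSTS and the helper names are hypothetical placeholders.

```python
from urllib.parse import quote

# Assumption: the hostnames this server answers for (placeholders).
ALLOWED_HOSTS = {"example.org", "www.example.org"}


def https_location(environ):
    """Return the https:// URL for this request, or None if Host is not ours."""
    host = environ.get("HTTP_HOST", "").lower()
    # Drop an explicit port such as ":80"; the redirect targets default 443.
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    if host not in ALLOWED_HOSTS:
        # Never echo an unknown Host into Location (open redirect).
        return None
    # PATH_INFO arrives decoded; re-encoding it also neutralises CR/LF,
    # so a crafted path cannot inject extra response headers.
    path = quote(environ.get("PATH_INFO", "/") or "/")
    query = environ.get("QUERY_STRING", "")
    return "https://" + host + path + ("?" + query if query else "")


def redirect_app(environ, start_response):
    """WSGI entry point: every request gets a 301 or a 400, never content."""
    location = https_location(environ)
    if location is None:
        start_response("400 Bad Request", [("Content-Length", "0")])
        return [b""]
    start_response("301 Moved Permanently",
                   [("Location", location), ("Content-Length", "0")])
    return [b""]


def call(host, path="/", query=""):
    """Drive the app with a constructed request; return (status, headers)."""
    seen = {}

    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)

    environ = {"REQUEST_METHOD": "GET", "HTTP_HOST": host,
               "PATH_INFO": path, "QUERY_STRING": query}
    b"".join(redirect_app(environ, start_response))
    return seen["status"], seen["headers"]


if __name__ == "__main__":
    print(call("www.example.org", "/download/", "v=2"))
    print(call("unknown.invalid"))
```

The redirect only protects repeat visits and later requests; the first plain-http request can still be intercepted before the 301 arrives.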


More information about the Gnupg-users mailing list