Marque-page

Why this Website is not, and may never be, HTTPS

http://misc-stuff.terraaeon.com/articles/not-https.html

“I have good reasons for not using a TLS certificate. First, I don’t see the need. This is not an ecommerce website, and visitors cannot download programs or anything other than the HTML, CSS, and JPG files that constitute the contents of the articles I post. If some users are afraid of a possible man-in-the-middle attack, I can only say that if an imposter site encourages you to pay for something or download code, you will immediately know you are in the wrong place.”

[…]

“Lastly, as the operator of a personal website, I object to any outside control. I run my own website on my own server for exactly this reason. Apparently, few Internet users or web developers understand that a TLS certificate is an outside control. If you don’t understand why, I will explain it to you. A TLS certificate is issued by an organization that is not controlled by website owners, website developers, or users of the Internet. That means any time the issuer wants to raise requirements or fees for issuing TLS certificates, he is free to do so. The burden may be light now, but all that has to happen is for a government—any government—to step in and and begin demanding more control.”

Autour du même sujet