Message6053
Hi Paul:
Regarding HTTPS: it would be very nice to have. It is just who gets
around doing the work and detangle the dependencies with the Python
trackers.
Regarding: Enforcing HTTPS, which I believe HSTS does:
I'm not sure about the downsides.
For both potential downsides I gave there are examples:
a) applicances inspecting/breaking HTTPS connections and causing problems.
E.g. see
https://jhalderm.com/pub/papers/interception-ndss17.pdf
It is a study that shows that a significant fraction of HTTPS traffic
is negatively influences by such applicances.
b) Countries or Companies blocking HTTPS access, an example is
that the Chinese Wikipedia was blocked by China because of the
use of HTTPS. (According to Wikipedia at
https://en.wikipedia.org/wiki/Internet_censorship_in_China ) |
|
Date |
User |
Action |
Args |
2017-12-13 11:29:47 | ber | set | messageid: <1513164587.67.0.213398074469.issue2550940@psf.upfronthosting.co.za> |
2017-12-13 11:29:47 | ber | set | recipients:
+ ber, rouilj, paulschreiber |
2017-12-13 11:29:47 | ber | link | issue2550940 messages |
2017-12-13 11:29:46 | ber | create | |
|