[Lumiera] Server HTTPS

Christian Thaeter ct at pipapo.org
Fri Oct 26 19:51:52 CEST 2018



On 2018-10-26 13:23, Hendrik Boom wrote:

> On Fri, Oct 26, 2018 at 06:33:07PM +0200, Ichthyostega wrote:

....

> Suggest you continue to make http: available, even if you do progress 
> to https:
> 
> Sometimes the extra security is unnecessary.  And very old machines
> with obsolete browsers may not even be able to do https:
> 

I agree that we won't really need the extra security from https and
this https-everywhere dogma isn't perfect, *but* for the following
reasons I'd stay with https only:

- I don't know any browser (even reasonably old ones) that cannot do
  https; iirc that's even more widespread than javascript support. Only
  a few obscure browsers (which I myself sometimes use) like lynx, w3m,
  links can be compiled without https support. But even that is rare;
  usually https is included, even on modest/old hardware, raspberry pi
  and distros targeted to old hardware.

- Lumiera/Video editing is really not targeted to audiences with
  antique hardware. Even when we aim for decent performance on modest
  hardware, I doubt anyone with something that old (I mean less than
  1GHz machine, 32-bit OS, less than 1GB RAM) will ever try to edit
  video on that machine.

- Serving both actually is a par excellence example of how one could
  open a vector for a downgrade attack, making lots of the security
  void. If I were Google I would de-rate sites serving both more than
  http-only sites.


	Christian


> -- hendrik