[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Lynx-dev] TLS-"transport layer security" & LYNX
|
From: |
David Niklas |
|
Subject: |
Re: [Lynx-dev] TLS-"transport layer security" & LYNX |
|
Date: |
Sat, 28 Jul 2018 11:26:57 -0400 |
On Tue, 24 Jul 2018 09:14:25 +0100
David Woolley <address@hidden> wrote:
> On 24/07/18 01:31, Mouse wrote:
> > Actually, in my case, it's the fault of webservers that refuse to
> > serve anything over HTTP except a redirect to HTTPS. I neither have
> > nor want HTTPS support.
> >
>
> They are just following an industry trend orchestrated by Google. In
> particular, having a non-HTTPS site will result in appearing a long way
> down the Google search results. Most sites are either their to sell
> something, or to sell people to advertisers, so they want a good google
> ranking.
>
> Even when the contents is the primary reason for the site, hosting
> costs have to be paid, and that is often done by advertising.
>
> It's difficult to get a good explanation for the policy, but my guess
> is that is the number of people accessing from mobile devices using
> public hot spots.
The reason that https is being mandated is so that everyone has
protection from the NSA and other governments and companies (and I have
personally, and frequently encountered all of the above, here in the US),
manipulating connections, blocking connections that are deemed
"unwanted / illegal / etc.", and spying on user agents.
"Illegal" often has nothing to do with traditional (i.e. Christian),
morality and more to do with the ruling classes desire not to face any
dissension from exterior sources.
Thus governments and companies are faced with the choice of either
blocking the whole domain or non at all.
And connection manipulation becomes impossible, but that does not stop US
companies and the government from manipulating anything that is not
encrypted.
If a site offers both http and https then the US government will actually
go as far as blocking the https version. I am referring to the
US libraries here.
This is not to mention the "sign on" pages that you encounter when you
visit any number of "open" wifi access points.
All that being said, I'd be interested in knowing what Thorsten Glaser
was talking about with respect to TLS 1.3. I though, perhaps somewhat
naively, that all headers, cookies, and the resource(s) you are
requesting are encrypted thus nothing could be leaked / manipulated / or
affected during the session. The best an adversary could do was guess
what you asked for.
Sincerely,
David
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, (continued)
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Paul Gilmartin, 2018/07/23
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Mouse, 2018/07/23
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Thorsten Glaser, 2018/07/23
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Mouse, 2018/07/23
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, David Woolley, 2018/07/24
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Stefan Caunter, 2018/07/24
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Mouse, 2018/07/24
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Halaasz Saandor, 2018/07/29
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Larry Hynes, 2018/07/24
Re: [Lynx-dev] TLS-"transport layer security" & LYNX,
David Niklas <=
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Mouse, 2018/07/28
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Thorsten Glaser, 2018/07/28
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Mouse, 2018/07/28
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Steffen Nurpmeso, 2018/07/28
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Travis Siegel, 2018/07/28
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, David Woolley, 2018/07/28
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Thorsten Glaser, 2018/07/28
Re: [Lynx-dev] TLS-"transport layer security" & LYNX, David Niklas, 2018/07/29