Why does FreeBSD insist on https?
galtsev at kicp.uchicago.edu
Thu Apr 2 21:30:21 UTC 2015
On Thu, April 2, 2015 4:06 pm, Charles Swiger wrote:
> On Apr 2, 2015, at 1:26 PM, Dieter BSD <dieterbsd at gmail.com> wrote:
>> Why do so many FreeBSD URLs redirect from http to https?
>> What is this intended to accomplish?
> Security? Confidentiality? Strong(er) assurance of content integrity?
> There are an increasing # of transparent proxies which rewrite
> content, inject ads, even inject malware for HTTP which are foiled
> by switching to HTTPS + HSTS (HTTP Strict Transport Security).
>> This is user-hostile. Some browsers cannot do https, and there are
>> good reasons (unrelated to http vs https) to use these browsers.
> Any browser which does not support HTTPS is either obsolete or simply
> missing critical functionality. Your bank, online stores, utilities,
> almost any site with a login are all going to require HTTPS.
> However, if you prefer to interact with the web by having a script which
> performs wget and emails you back the results, go right ahead. :-)
Or maybe that was just an innocent looking attempt to request change that
will make FreeBSD site vulnerable as well - from those who exploit these.
After all gmail is pretty faceless e-mail address...
Just a wild guess ;-)
>> There are also good reasons to prefer http over https even with a
>> that can do https. Https is useful when needed, but it isn't needed
>> Can someone *please* fix this?
> You should expect that as time passes, more and more sites will either
> to HTTPS only and/or will switch to HTTP/2 which encourages browsers to
> try and
> connect via HTTPS even for http URLs.
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
More information about the freebsd-questions