Wednesday, February 3, 2016

Switching to HTTPS

Rainer Brockerhoff:

I’m using the invaluable https://www.whynopadlock.com/ checker for this, and already managed to get an A rating from the equally invaluable https://www.ssllabs.com/ssltest/ page.

Dave Winer:

The problem of requiring HTTPs in less than 140 chars: 1.Few benefits for blog-like sites, and 2. The costs are prohibitive.

There’s actually a #3 (sorry) -- 3. For sites where the owner is gone the costs are more than prohibitive. There’s no one to do the work.

Here’s a ten-minute podcast summarizing where we’re at with Google and Mozilla and HTTPS.

2 Comments RSS · Twitter


I don't get what Dave Winer is writing: Thanks to Let's Encrypt, my hoster offers SSL for free and many other do too. You basically go to the control panel and enable SSL with one click.

All connections should be encrypted IMHO anyway.


Here:
http://scripting.com/liveblog/users/davewiner/2016/01/29/0946.html

A choice quote:
"A former exec at one of Google's competitors explained what is possibly their real motive. Google doesn't want its competitors to write bots that scrape their search engine."

I don't think Google is *that* conspiratorial. I believe their push for SSL is dictated by security concerns, and regardless, Google's search engine will continue indexing non-HTTPS sites.

Leave a Comment